FTP
port 20/21
Table of Contents
- FTP
- Interacting with FTP
- General Information
- TFTP
- Brute-Forcing FTP
Interacting with FTP
Nmap
> sudo nmap -sV -p21 -sC -A 10.129.14.136
FTP
ftp IP
Non-default port
ftp IP PORT
Anonymous Access
> ftp 192.168.2.142
Connected to 192.168.2.142.
220 (vsFTPd 2.3.4)
Name (192.168.2.142:kali): anonymous
331 Please specify the password.
Password:
230 Login successful.
recursively list all directories and files
ls -R
display directories as a tree
tree .
download all files on the server
wget -m --no-passive ftp://anonymous:anonymous@10.129.14.136
upload file
put filename
OpenSSL
If the FTP server uses TLS/SSL encryption, we can use the openssl client to communicate with it:
> openssl s_client -connect 10.129.14.136:21 -starttls ftp
General Information
FTP is a cleartext protocol, so its traffic can be sniffed.
Active/Passive Mode
- Active mode -> server connects to client
- Passive mode -> client connects to server, used to avoid issues with firewalls blocking the server's incoming connection to the client
Dangerous FTP settings
Setting | Description |
---|---|
anonymous_enable=YES | Allowing anonymous login? |
anon_upload_enable=YES | Allowing anonymous to upload files? |
anon_mkdir_write_enable=YES | Allowing anonymous to create new directories? |
no_anon_password=YES | Do not ask anonymous for password? |
anon_root=/home/username/ftp | Directory for anonymous. |
write_enable=YES | Allow the usage of FTP commands: STOR, DELE, RNFR, RNTO, MKD, RMD, APPE, and SITE? |
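The table's options can be checked mechanically in a vsftpd.conf. The following Python audit is an added example, not part of the original notes; its function names and the sample configuration are constructed for illustration. It only assesses options explicitly set to YES in the file and assumes a repeated option keeps its last value.

```python
# Added example: flag the risky vsftpd.conf options from the table above.
RISKY = {
    "anonymous_enable": "anonymous login is allowed",
    "anon_upload_enable": "anonymous users may upload files",
    "anon_mkdir_write_enable": "anonymous users may create directories",
    "no_anon_password": "anonymous login skips the password prompt",
    "write_enable": "write commands (STOR, DELE, MKD, ...) are allowed",
}

def parse_conf(text):
    """Return {option: value}. Comments and blank lines are skipped;
    a repeated option keeps its last value (assumption)."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip()
    return opts

def audit(text):
    """Return (option, message) findings for risky options set to YES."""
    opts = parse_conf(text)
    def on(key):
        return opts.get(key, "").upper() == "YES"
    findings = [(k, msg) for k, msg in RISKY.items() if on(k)]
    if on("anonymous_enable") and "anon_root" in opts:
        findings.append(("anon_root", "anonymous users land in " + opts["anon_root"]))
    # Anonymous write access needs anonymous login, write_enable and one anon_* write option.
    if on("anonymous_enable") and on("write_enable") and (
            on("anon_upload_enable") or on("anon_mkdir_write_enable")):
        findings.append(("anonymous-write", "anonymous users can write to the server"))
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
listen=YES
anonymous_enable=YES
#anon_upload_enable=YES
write_enable=YES
anon_mkdir_write_enable=YES
anon_root=/home/username/ftp
no_anon_password=NO
"""

if __name__ == "__main__":
    for option, message in audit(SAMPLE_CONF):
        print(f"[!] {option}: {message}")
```

The combined "anonymous-write" finding is the one to prioritise: each option alone is a weaker signal than anonymous login plus write access together.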
TFTP (Trivial FTP)
TFTP General Information
- FTP uses TCP, whereas TFTP uses UDP
Interacting with TFTP
Unlike FTP, TFTP does not provide user authentication and does not have directory listing functionality. Use the nmap tftp-enum script to see files.
Because of the lack of security, TFTP, unlike FTP, may only be used in local and protected networks.
A few TFTP commands:
Commands | Description |
---|---|
connect | Sets the remote host, and optionally the port, for file transfers. |
get | Transfers a file or set of files from the remote host to the local host. |
put | Transfers a file or set of files from the local host onto the remote host. |
quit | Exits tftp. |
status | Shows the current status of tftp, including the current transfer mode (ascii or binary), connection status, time-out value, and so on. |
verbose | Turns verbose mode, which displays additional information during file transfer, on or off. |
Brute-Forcing FTP
See the FTP section in Password Attack's Cracking Network Services.