(21)FTP

Uses TCP, maybe that's why it informs us when the transfer wasn't successful?

About

Drawing
Basic FTP connection graph.

Active VS Passive FTP

Drawing
Active vs Passive FTP

TFTP on the other hand, is a more basic implementation of FTP:

  • It uses UDP.

  • Needs no user authentication.

  • No directory listing functionality

These characteristics are enough to assume that this protocol should be used only on strongly secured networks.

Config:

For Linux, it is common to use the vsFTPd server to implement the FTP protocol.

$sudo apt install vsftpd

  • /etc/vstpd.conf

  • /etc/ftpusers : Blocked users

Useful commands:

  • ls

  • debug/trace

  • get/put (if it's enabled)

  • ls -R (if it's enabled) 

# Outputs a directory with the target IP name containing the downloaded content.
$wget -m --no-passive ftp://username:password@targetIP

Enumeration

Nmap

$sudo nmap  -p21 -sC --script=ftp* 10.10.10.10

Interaction and banner grabbing:

Drawing

Upon connecting to the server, we'll get a response depending on how it was configured, we'll try to grab and check that banner to get more information about the server.

$nc <target-ip> 21
$telnet <target-ip> 21

Download all the available content:

$wget -m --no-passive ftp://username:password@targetIP

If the server runs with TLS/SSL encryption:

$openssl s_client -connect <target-ip>:21 -starttls ftp
PreviousHost-Based EnumerationNext(139,445)SMB

Last updated