21 - FTP
Introduction
Port: 21 (TCP)
The File Transfer Protocol (FTP) is a standard network protocol used for transferring files. There are various ways of exploiting the service:
Anonymous Authentication
Directory Path Traversal: An attacker could create or remove files outside the FTP root folder.
Brute Force Attack
Buffer Overflow: Some FTP services are vulnerable to buffer overflows.
Enumeration
You can use Nmap to enumerate an FTP server.
sudo nmap -sC -sV --script="ftp* and not brute" -p21 -n <TARGET>
Anonymous login
If anonymous login is enabled, you can log in as the user anonymous with any password and retrieve files.
nmap --script=ftp-anon <TARGET>
PORT STATE SERVICE
21/tcp open ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| -rw-r--r-- 1 1170 924 31 Mar 28 2001 .banner
| d--x--x--x 2 root root 1024 Jan 14 2002 bin
| d--x--x--x 2 root root 1024 Aug 10 1999 etc
| drwxr-srwt 2 1170 924 2048 Jul 19 18:48 incoming [NSE: writeable]
| d--x--x--x 2 root root 1024 Jan 14 2002 lib
| drwxr-sr-x 2 1170 924 1024 Aug 5 2004 pub
|_Only 6 shown. Use --script-args ftp-anon.maxlist=-1 to see all.
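When reviewing ftp-anon results for servers you administer, the two points to pull out of the output above are whether anonymous login is allowed and which entries anonymous users can write to. The following parser is an added example, not part of the original page; the function name `audit_ftp_anon` is hypothetical and the sample text is constructed from the output shown above (shortened).

```python
import re

# Constructed sample: a shortened copy of the ftp-anon output shown above.
SAMPLE = """\
PORT STATE SERVICE
21/tcp open ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| -rw-r--r-- 1 1170 924 31 Mar 28 2001 .banner
| d--x--x--x 2 root root 1024 Jan 14 2002 bin
| drwxr-srwt 2 1170 924 2048 Jul 19 18:48 incoming [NSE: writeable]
| drwxr-sr-x 2 1170 924 1024 Aug 5 2004 pub
|_Only 6 shown. Use --script-args ftp-anon.maxlist=-1 to see all.
"""

# "ls -l" style entry: mode, links, owner, group, size, three date fields, name
ENTRY = re.compile(
    r"^\|[ _]?\s*(?P<mode>[-dlbcps][-rwxsStT]{9})\s+\d+\s+\S+\s+\S+"
    r"\s+\d+\s+\S+\s+\S+\s+\S+\s+(?P<name>.+?)"
    r"(?P<nse>\s+\[NSE: writeable\])?$"
)

def audit_ftp_anon(text):
    """Summarise one host's ftp-anon output for triage."""
    result = {"anonymous": False, "truncated": False, "findings": []}
    for line in text.splitlines():
        if "ftp-anon: Anonymous FTP login allowed" in line:
            result["anonymous"] = True
        elif "ftp-anon.maxlist" in line:
            result["truncated"] = True  # listing cut off, rerun with maxlist=-1
        m = ENTRY.match(line)
        if not m:
            continue
        mode = m["mode"]
        reasons = []
        if m["nse"]:
            reasons.append("flagged writeable by nmap")
        if mode[8] == "w":  # write bit for "other"
            reasons.append("world-writable")
        if mode[0] == "d" and mode[8] == "w" and mode[9] not in "tT":
            reasons.append("no sticky bit")  # any user may delete others' files
        if reasons:
            result["findings"].append((m["name"], mode, reasons))
    return result

if __name__ == "__main__":
    print(audit_ftp_anon(SAMPLE))
```

A host that reports `anonymous` as true together with any finding is a candidate for disabling anonymous access or removing write permission on that directory.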
Upload/Download binaries
If binary mode is not enabled, the client transfers in ASCII mode and translates line endings, so binary files will not upload or download correctly. Before transferring them, type:
binary on
Recursive download
If you want to download every file from an FTP service, you can use wget.
wget -r -m [ --no-passive-ftp | --passive-ftp ] ftp://anonymous:password@<TARGET>
mget is an alternative, but it does not always work.
prompt off
mget -R <Remote_folder> <Local_folder>
Error: Address already in use
If you get this error, enable passive mode in the FTP client:
pass