# 21 - FTP

## Introduction

**Port**: 21 (TCP)

The **File Transfer Protocol** (FTP) is a standard network protocol used for transferring files. There are various ways of exploiting the service:

* **Anonymous Authentication**
* **Directory Path Traversal**: An attacker could create or remove files outside the FTP root folder.
* **Brute Force Attack**
* **Buffer Overflow**: Some FTP server implementations are vulnerable to buffer overflows.

## Enumeration

You can use Nmap to enumerate an FTP server.

```bash
sudo nmap -sC -sV --script="ftp* and not brute" -p21 -n <TARGET>
```

## Anonymous login

If **anonymous** login is enabled, you can log in as the `anonymous` user with any password and retrieve files.

```bash
nmap --script=ftp-anon <TARGET>
PORT   STATE SERVICE
21/tcp open  ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| -rw-r--r--   1 1170     924            31 Mar 28  2001 .banner
| d--x--x--x   2 root     root         1024 Jan 14  2002 bin
| d--x--x--x   2 root     root         1024 Aug 10  1999 etc
| drwxr-srwt   2 1170     924          2048 Jul 19 18:48 incoming [NSE: writeable]
| d--x--x--x   2 root     root         1024 Jan 14  2002 lib
| drwxr-sr-x   2 1170     924          1024 Aug  5  2004 pub
|_Only 6 shown. Use --script-args ftp-anon.maxlist=-1 to see all.
```
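When reviewing your own server, the listing in the `ftp-anon` output is what shows where anonymous users can write. The following added example (not part of the original guide) parses that output and flags writable entries; `audit_ftp_anon` and the `SAMPLE` constant are hypothetical names, and the sample is the scan output shown above.

```python
import re

# Sample input: the ftp-anon script output shown above on this page.
SAMPLE = """\
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| -rw-r--r--   1 1170     924            31 Mar 28  2001 .banner
| d--x--x--x   2 root     root         1024 Jan 14  2002 bin
| d--x--x--x   2 root     root         1024 Aug 10  1999 etc
| drwxr-srwt   2 1170     924          2048 Jul 19 18:48 incoming [NSE: writeable]
| d--x--x--x   2 root     root         1024 Jan 14  2002 lib
| drwxr-sr-x   2 1170     924          1024 Aug  5  2004 pub
|_Only 6 shown. Use --script-args ftp-anon.maxlist=-1 to see all.
"""

# One "ls -l" style line inside the NSE output, with the optional writeable tag.
LISTING = re.compile(
    r"^\|_?\s*(?P<mode>[-dl][-rwxsStT]{9})\s+\d+\s+\S+\s+\S+\s+\d+\s+"
    r"\w{3}\s+\d+\s+[\d:]+\s+(?P<name>.+?)(?P<nse>\s+\[NSE: writeable\])?$"
)

def audit_ftp_anon(output):
    """Return whether anonymous login is allowed and which entries are writable."""
    report = {"anonymous_allowed": False, "findings": []}
    for line in output.splitlines():
        if "Anonymous FTP login allowed" in line:
            report["anonymous_allowed"] = True
            continue
        m = LISTING.match(line.strip())
        if not m:
            continue  # summary lines, port table, etc.
        mode, reasons = m["mode"], []
        if m["nse"]:
            reasons.append("nmap confirmed write access")
        if mode[8] == "w":
            reasons.append("world-writable mode bits")
            # A writable directory without the sticky bit lets users
            # delete or replace each other's files.
            if mode[0] == "d" and mode[9] not in "tT":
                reasons.append("no sticky bit")
        if reasons:
            report["findings"].append((m["name"], mode, reasons))
    return report

if __name__ == "__main__":
    print(audit_ftp_anon(SAMPLE))
```
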

## Upload/Download binaries

If binary mode is **not** enabled, the client transfers files in ASCII mode, which rewrites line endings, so binary files will not upload or download correctly. Switch to binary mode before transferring:

```
binary
```

## Recursive download

If you want to download every file from an FTP service, you can use wget.

```
wget -m [ --no-passive-ftp | --passive-ftp ] ftp://anonymous:password@<TARGET>
```

mget is also an alternative, but it does not always work.

```
prompt off
mget -R <Remote_folder> <Local_folder>
```

## Error: Address already in use

This error appears when the client is in active mode. Enable passive mode in the FTP client:

```
passive
```
