FTP (21)

1. Initial Access

If FTP Anonymous Login is enabled, we may use the following credentials:
    ftp:ftp
    anonymous:anoymous

Initiate access - ftp <username>@<IP> [Port]

hydra -L <users list> -P <password list> -f ftp://<IP> [-p <port>]
hydra -l <username> -p <password> -f ftp://<IP> [-p <port>]

Using combined wordlist: hydra -C <combined wordlist> -f ftp://<IP> [-s <port>] 
    # Example: /usr/share/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt

2. Common Scans/Enumeration

nmap

nmap --script "ftp-anon" -p <port> <IP>

Toggle file transfer mode

Once logged in, type "passive" and "binary" for file transfer modes

Banner Grabbing

nc -nv <IP> <port>
nc -sV <IP> <port>

Downloading Shares

wget -m ftp://<username>:<password>@<IP>
wget -m --no-passive ftp://:@<IP>

Grab Cert

openssl s_client -starttls ftp -connect <IP>:<port>

3. Exploitation

Uploading Payloads

put <payload>
    # Accessing the payload via HTTP for example would trigger the payload
    # Recommended .asp or .aspx payloads for Microsoft servers

Refer to Shellsfor generation of reverse shell payloads

PreviousSMB (139 / 445)NextDNS (53)

Last updated 10 months ago

1. Initial Access

Anonymous Login

Brute Force Login

2. Common Scans/Enumeration

nmap

Toggle file transfer mode

Banner Grabbing

Downloading Shares

Grab Cert

3. Exploitation

Uploading Payloads