FTP Enum

FTP Enumeration

CheckList
Anonymous login
Check default credentials 
Check version for exploit
Check for files upon login
Check for SSH keys or if you can access .ssh file
Try uploading shell if reflected in web server.
Brute force credentials
FTP nse scripts
nmap –script ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21 10.0.0.1
Anonymous Login
ftp 10.10.10.10 21
​
Connected to 10.10.10.10.
220 (vsFTPd 3.0.3)
Name (10.10.10.10:kali): anonymous
331 Please specify the password.
Password: whatever_password
Error "Program cannot be run in DOS mode"
Make sure that BINARY mode is enable so that you can transfer/execute files.
​
Example:
===================
ftp> binary
200 Type set to I.
ftp> put someexecutable.exe
local: someexecutable.exe remote: someexecutable.exe
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
371329 bytes sent in 1.30 secs (279.2892 kB/s)
See if you can upload on the target
Usually if you see some folder named pub the directory should be:
/var/ftp/pub/
​
It may also be a /var/www/html directory where you can upload a shell
Default creds
admin:admin
admin:password

CheckList

SSH Enum

Last modified 2yr ago