Hack$Notes
Search…
FTP Enum
FTP Enumeration

CheckList

  • Anonymous login
  • Check default credentials
  • Check version for exploit
  • Check for files upon login
  • Check for SSH keys or if you can access .ssh file
  • Try uploading shell if reflected in web server.
  • Brute force credentials

FTP nse scripts

nmap –script ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21 10.0.0.1

Anonymous Login

ftp 10.10.10.10 21
Connected to 10.10.10.10.
220 (vsFTPd 3.0.3)
Name (10.10.10.10:kali): anonymous
331 Please specify the password.
Password: whatever_password

Error "Program cannot be run in DOS mode"

Make sure that BINARY mode is enable so that you can transfer/execute files.
Example:
===================
ftp> binary
200 Type set to I.
ftp> put someexecutable.exe
local: someexecutable.exe remote: someexecutable.exe
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
371329 bytes sent in 1.30 secs (279.2892 kB/s)

See if you can upload on the target

Usually if you see some folder named pub the directory should be:
/var/ftp/pub/
It may also be a /var/www/html directory where you can upload a shell

Default creds

admin:admin
admin:password
Last modified 1yr ago