FTP Enum

FTP Enumeration


  • Anonymous login

  • Check default credentials

  • Check version for exploit

  • Check for files upon login

  • Check for SSH keys or if you can access .ssh file

  • Try uploading shell if reflected in web server.

  • Brute force credentials

FTP nse scripts

nmap –script ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21

Anonymous Login

ftp 21

Connected to
220 (vsFTPd 3.0.3)
Name ( anonymous
331 Please specify the password.
Password: whatever_password

Error "Program cannot be run in DOS mode"

Make sure that BINARY mode is enable so that you can transfer/execute files.

ftp> binary
200 Type set to I.
ftp> put someexecutable.exe
local: someexecutable.exe remote: someexecutable.exe
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
371329 bytes sent in 1.30 secs (279.2892 kB/s)

See if you can upload on the target

Usually if you see some folder named pub the directory should be:

It may also be a /var/www/html directory where you can upload a shell

Default creds


Last updated