Hack$Notes
FTP Enum
FTP Enumeration
CheckList
Anonymous login
Check default credentials
Check version for exploit
Check for files upon login
Check for SSH keys, or whether you can access the .ssh directory
Try uploading a shell if the uploaded files are reflected on the web server.
Brute force credentials
FTP nse scripts
nmap --script ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21 10.0.0.1
Anonymous Login
ftp 10.10.10.10 21

Connected to 10.10.10.10.
220 (vsFTPd 3.0.3)
Name (10.10.10.10:kali): anonymous
331 Please specify the password.
Password: whatever_password
Error "Program cannot be run in DOS mode"
Make sure that BINARY mode is enabled so that you can transfer and execute files; in ASCII mode the executable is corrupted in transit.

Example:
===================
ftp> binary
200 Type set to I.
ftp> put someexecutable.exe
local: someexecutable.exe remote: someexecutable.exe
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
371329 bytes sent in 1.30 secs (279.2892 kB/s)
See if you can upload on the target
Usually, if you see a folder named pub, the directory is:
/var/ftp/pub/

It may also be a /var/www/html directory where you can upload a shell
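From the defender's side, the upload path described above exists only when the server allows anonymous writes into a directory the web server also serves. The following is an added example, not part of the original notes, that audits a vsftpd.conf for that combination; the sample config, the function names and the web_roots parameter are assumptions made for illustration.

```python
import posixpath

# Upstream vsftpd defaults for options missing from the file (assumed from
# the vsftpd.conf man page; distro packages often ship different values).
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
            "anon_root": ""}

# Constructed sample config, not taken from a real host.
SAMPLE_CONF = """\
listen=YES
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_root=/var/www/html/ftp
"""

def parse_conf(text):
    """Return effective option -> value; vsftpd allows no spaces around '='."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts

def is_on(opts, key):
    return opts.get(key, "NO").upper() in ("YES", "TRUE", "1")

def audit(text, web_roots=("/var/www",)):
    """Return a list of findings for anonymous-access exposure."""
    opts, findings = parse_conf(text), []
    if not is_on(opts, "anonymous_enable"):
        return findings  # anonymous logins are refused; nothing else applies
    findings.append("anonymous login enabled")
    # Anonymous writes need write_enable plus one of the anon_* write options.
    writable = is_on(opts, "write_enable") and (
        is_on(opts, "anon_upload_enable") or is_on(opts, "anon_mkdir_write_enable"))
    if writable:
        findings.append("anonymous users can write")
    root = posixpath.normpath(opts["anon_root"]) if opts["anon_root"] else ""
    in_web = any(root == w or root.startswith(w.rstrip("/") + "/") for w in web_roots)
    if in_web:
        findings.append("anon_root is inside a web root: " + root)
    if writable and in_web:
        findings.append("CRITICAL: anonymous uploads land in web-served content")
    return findings
```

Run audit() on the contents of the server's own vsftpd.conf; an empty list means anonymous logins are refused.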
Default creds
admin:admin
admin:password
Last modified
1yr ago