FTP Enum

FTP Enumeration

Checklist

  • Anonymous login

  • Check default credentials

  • Check version for exploit

  • Check for files upon login

  • Check for SSH keys, or whether you can access the .ssh directory

  • Try uploading a shell if the FTP directory is reflected in the web server

  • Brute force credentials

FTP nse scripts

nmap --script ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21 10.0.0.1

Anonymous Login

ftp 10.10.10.10 21

Connected to 10.10.10.10.
220 (vsFTPd 3.0.3)
Name (10.10.10.10:kali): anonymous
331 Please specify the password.
Password: whatever_password

Error "Program cannot be run in DOS mode"

Make sure that BINARY mode is enabled so that you can transfer/execute files. In ASCII mode the transfer translates line endings, which corrupts binary files.

Example:
===================
ftp> binary
200 Type set to I.
ftp> put someexecutable.exe
local: someexecutable.exe remote: someexecutable.exe
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
371329 bytes sent in 1.30 secs (279.2892 kB/s)

See if you can upload on the target

Usually, if you see a folder named pub, the directory on disk should be:
/var/ftp/pub/

It may also be the /var/www/html directory, where you can upload a shell.
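From the defender's side, the conditions this checklist looks for (anonymous login, anonymous upload, an FTP root inside the web root) can be read straight from vsftpd.conf. The following is an added example, not part of the original page; the sample configurations are constructed and the WEB_ROOTS list is an assumption to adjust per host.

```python
"""Audit vsftpd.conf text for anonymous login, anonymous upload and web-root overlap."""
from pathlib import PurePosixPath

# vsftpd built-in defaults for the options examined (per the vsftpd.conf man page).
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_root": "", "local_root": ""}
WEB_ROOTS = ("/var/www",)  # assumption: the host's web document roots
TRUE_VALUES = ("YES", "TRUE", "1")

def parse_conf(text):
    """Parse option=value lines, starting from the built-in defaults."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def under_web_root(path):
    """True if path equals or sits below one of WEB_ROOTS."""
    if not path:
        return False
    p = PurePosixPath(path)
    return any(p == PurePosixPath(w) or PurePosixPath(w) in p.parents for w in WEB_ROOTS)

def audit(text):
    """Return a list of findings for the given vsftpd.conf content."""
    c = parse_conf(text)
    on = lambda key: c[key].upper() in TRUE_VALUES
    findings = []
    if on("anonymous_enable"):
        findings.append("anonymous login enabled")
        if on("write_enable") and on("anon_upload_enable"):
            findings.append("anonymous upload enabled")
    for key in ("anon_root", "local_root"):
        if under_web_root(c[key]):
            findings.append(f"{key} is inside a web root: {c[key]}")
    return findings

# Constructed sample configurations, not taken from a real host.
WEAK = "anonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\nanon_root=/var/www/html\n"
HARDENED = "# hardened\nanonymous_enable=NO\nwrite_enable=NO\nlocal_root=/srv/ftp\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

An empty or minimal config still reports anonymous login, because vsftpd's built-in default for anonymous_enable is YES; set it to NO explicitly.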

Default creds

admin:admin
admin:password
