FTP Enum

FTP Enumeration


  • Anonymous login
  • Check default credentials
  • Check version for exploit
  • Check for files upon login
  • Check for SSH keys or if you can access .ssh file
  • Try uploading shell if reflected in web server.
  • Brute force credentials

FTP nse scripts

nmap –script ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21

Anonymous Login

ftp 21
Connected to
220 (vsFTPd 3.0.3)
Name ( anonymous
331 Please specify the password.
Password: whatever_password

Error "Program cannot be run in DOS mode"

Make sure that BINARY mode is enable so that you can transfer/execute files.
ftp> binary
200 Type set to I.
ftp> put someexecutable.exe
local: someexecutable.exe remote: someexecutable.exe
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
371329 bytes sent in 1.30 secs (279.2892 kB/s)

See if you can upload on the target

Usually if you see some folder named pub the directory should be:
It may also be a /var/www/html directory where you can upload a shell

Default creds

Last modified 2yr ago