# FTP Enum

### CheckList

* Anonymous login
* Check default credentials 
* Check version for exploit
* Check for files upon login
* Check for SSH keys or if you can access .ssh file
* Try uploading shell if reflected in web server.
* Brute force credentials

### FTP nse scripts

```
nmap –script ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21 10.0.0.1
```

### **Anonymous Login**

```
ftp 10.10.10.10 21

Connected to 10.10.10.10.
220 (vsFTPd 3.0.3)
Name (10.10.10.10:kali): anonymous
331 Please specify the password.
Password: whatever_password
```

### **Error "Program cannot be run in DOS mode"**

```
Make sure that BINARY mode is enable so that you can transfer/execute files.

Example:
===================
ftp> binary
200 Type set to I.
ftp> put someexecutable.exe
local: someexecutable.exe remote: someexecutable.exe
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
371329 bytes sent in 1.30 secs (279.2892 kB/s)
```

### See if you can upload on the target

```
Usually if you see some folder named pub the directory should be:
/var/ftp/pub/

It may also be a /var/www/html directory where you can upload a shell
```

### Default creds

```
admin:admin
admin:password
```