Hack$Notes
Search…
Hack$Notes
Enumeration
NMAP Scanning
Hping3 Scanning
DNS Enum
SMB Enum
SMTP Enum
POP3
SNMP Enum
LDAP Enum
HTTP Enum
FTP Enum
SSH Enum
MySQL Enum
Oracle Enum
NFS Enum
Internet Relay Chat (IRC)
Telnet
Kerberos
Finger
Ports Open/Close
ident
Postgresl
Transferring Files
Metasploit Framework
Reverse Shells
Buffer Overflow
Spawning a Shell
Password Attacks
Privilege Escalation
Port Forwarding
Tools / Techniques
Resources
Powered By GitBook
FTP Enum
FTP Enumeration

CheckList

  • Anonymous login
  • Check default credentials
  • Check version for exploit
  • Check for files upon login
  • Check for SSH keys or if you can access .ssh file
  • Try uploading shell if reflected in web server.
  • Brute force credentials

FTP nse scripts

nmap –script ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21 10.0.0.1

Anonymous Login

ftp 10.10.10.10 21
​
Connected to 10.10.10.10.
220 (vsFTPd 3.0.3)
Name (10.10.10.10:kali): anonymous
331 Please specify the password.
Password: whatever_password

Error "Program cannot be run in DOS mode"

Make sure that BINARY mode is enable so that you can transfer/execute files.
​
Example:
===================
ftp> binary
200 Type set to I.
ftp> put someexecutable.exe
local: someexecutable.exe remote: someexecutable.exe
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
371329 bytes sent in 1.30 secs (279.2892 kB/s)

See if you can upload on the target

Usually if you see some folder named pub the directory should be:
/var/ftp/pub/
​
It may also be a /var/www/html directory where you can upload a shell

Default creds

admin:admin
admin:password
Previous
CheckList
Next
SSH Enum
Last modified 1yr ago
Copy link
Outline
CheckList
FTP nse scripts
Anonymous Login
Error "Program cannot be run in DOS mode"
See if you can upload on the target
Default creds