Links
Comment on page

FTP (21)

File Transfer Protocol

Description

  • FTP is a way to host and share files. It uses TCP 21 for commands and TCP 20 for data. The protocol is clear text meaning all communication is unencrypted.

Enumeration

Nmap

  • Nmap has several scripts for enumerating and interacting with FTP.
  • These can be found here /usr/share/nmap/scripts/ftp-*
1
// Scanning FTP with default nmap scripts
2
nmap -p21 -sC -n --disable-arp-ping 10.129.178.254
3
4
Starting Nmap 7.92 ( https://nmap.org ) at 2023-01-30 15:44 GMT
5
Nmap scan report for 10.129.178.254
6
Host is up (0.13s latency).
7
8
PORT STATE SERVICE
9
21/tcp open ftp
10
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
11
|_-rw-r--r-- 1 ftpuser ftpuser 39 Nov 8 2021 flag.txt
12
13
Nmap done: 1 IP address (1 host up) scanned in 39.75 seconds

Interaction

Connection Methods

  • ftp ftp <target IP>
  • Netcat nc -nv <target IP> 21
  • Telnet telnet <target IP> 21
  • Openssl openssl s_client -connect <target IP:21> -starttls ftp

FTP Modes

  • FTP supports an "ASCII" and "binary" mode. You'll want to switch to binary mode when transferring files or else the files will get modified and may not work correctly e.g., exploits.
1
// After connecting to FTP, you'll see what mode you're in
2
Using binary mode to transfer files.
3
ftp>
4
5
// Switch to binary mode
6
ftp> binary
7
8
// Switch to ASCII mode
9
ftp> ascii

Examples

  • Downloaded files get saved to your local host.
  • For more commands check out the Additional Resourcessection
1
// View files
2
ftp> ls
3
200 PORT command successful
4
150 Opening ASCII mode data connection for file list
5
-rw-r--r-- 1 ftpuser ftpuser 39 Nov 8 2021 flag.txt
6
226 Transfer complete
7
8
// Download file
9
ftp> get flag.txt
10
local: flag.txt remote: flag.txt
11
200 PORT command successful
12
150 Opening BINARY mode data connection for flag.txt (39 bytes)
13
226 Transfer complete
14
39 bytes received in 0.01 secs (3.7088 kB/s)
15
16
// Upload file
17
ftp> put testfile.txt
18
local: testfile.txt remote: testfile.txt
19
200 PORT command successful
20
150 Opening BINARY mode data connection for testfile.txt
21
226 Transfer complete

Anonymous Authentication

  • Depending on the configuration, sometimes you can connect to an FTP server as anonymous and leave the password blank.
ftp 10.129.178.254 21
Connected to 10.129.178.254.
220 InFreight FTP v1.1
Name (10.129.178.254:root): anonymous
331 Anonymous login ok, send your complete email address as your password
Password:
230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

Nmap Enumeration

// Some code

Additional Resources