Comment on page
FTP (21)
File Transfer Protocol
- FTP is a way to host and share files. It uses
TCP 21
for commands andTCP 20
for data. The protocol is clear text meaning all communication is unencrypted.
- Nmap has several scripts for enumerating and interacting with FTP.
- These can be found here
/usr/share/nmap/scripts/ftp-*
1
// Scanning FTP with default nmap scripts
2
nmap -p21 -sC -n --disable-arp-ping 10.129.178.254
3
4
Starting Nmap 7.92 ( https://nmap.org ) at 2023-01-30 15:44 GMT
5
Nmap scan report for 10.129.178.254
6
Host is up (0.13s latency).
7
8
PORT STATE SERVICE
9
21/tcp open ftp
10
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
11
|_-rw-r--r-- 1 ftpuser ftpuser 39 Nov 8 2021 flag.txt
12
13
Nmap done: 1 IP address (1 host up) scanned in 39.75 seconds
- ftp
ftp <target IP>
- Netcat
nc -nv <target IP> 21
- Telnet
telnet <target IP> 21
- Openssl
openssl s_client -connect <target IP:21> -starttls ftp
- FTP supports an "ASCII" and "binary" mode. You'll want to switch to binary mode when transferring files or else the files will get modified and may not work correctly e.g., exploits.
1
// After connecting to FTP, you'll see what mode you're in
2
Using binary mode to transfer files.
3
ftp>
4
5
// Switch to binary mode
6
ftp> binary
7
8
// Switch to ASCII mode
9
ftp> ascii
- Downloaded files get saved to your local host.
1
// View files
2
ftp> ls
3
200 PORT command successful
4
150 Opening ASCII mode data connection for file list
5
-rw-r--r-- 1 ftpuser ftpuser 39 Nov 8 2021 flag.txt
6
226 Transfer complete
7
8
// Download file
9
ftp> get flag.txt
10
local: flag.txt remote: flag.txt
11
200 PORT command successful
12
150 Opening BINARY mode data connection for flag.txt (39 bytes)
13
226 Transfer complete
14
39 bytes received in 0.01 secs (3.7088 kB/s)
15
16
// Upload file
17
ftp> put testfile.txt
18
local: testfile.txt remote: testfile.txt
19
200 PORT command successful
20
150 Opening BINARY mode data connection for testfile.txt
21
226 Transfer complete
- Depending on the configuration, sometimes you can connect to an FTP server as
anonymous
and leave the password blank.
ftp 10.129.178.254 21
Connected to 10.129.178.254.
220 InFreight FTP v1.1
Name (10.129.178.254:root): anonymous
331 Anonymous login ok, send your complete email address as your password
Password:
230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
// Some code
Last modified 8mo ago