PRIMARY CATEGORY β PROTOCOLS AND SERVICES
FTP β File Transfer Protocol
Ports
- 20 β Data Channel
This data channel is used exclusively for data transmission in Active FTP Mode
IMPORTANT
In Passive FTP Mode, the client initiates the connection, from a random port to a FTP Serverβ dynamic port, which has been previously indicated to the client by the FTP Server
Therefore, Port 20 is not used in this TCP/IP connection
- 21 β Control Channel
The client and server stablish the first TCP/IP through this port
Furthermore, this Control Channel is used by the client to send all the FTP Commands, such as put, get or dir to the FTP server
Modes
Active
The client previously indicates in the Control Channel which destination port the FTP Server should use to stablish the connection to the client itself
Thus, in Active FTP Mode, the FTP Server initiates the connection from its 20 Port to the port previously indicated by the client
Passive
In this case, is the FTP Server that tells the client which port to connect to on the server itself
In this mode, the client initiates the Data Channel connection from a random port to the dynamic port specified in the Control Channel by the FTP Server
Enumeration
User Authentication
FTP Client
ftp <TARGET> [PORT]
> USER
> PASSWORDWeb Browser
ftp://<USERNAME>:<PASSWORD>@<TARGET>:[PORT]Anonymous Login
ftp -a <TARGET> [PORT]The
-aoption bypasses the normal login procedure and use anonymous login instead
Banner Grabbing
Netcat
nc -nv <TARGET> <PORT> <<< ""TLS Certificate
OpenSSL
openssl s_client -connect <TARGET>:<PORT> -starttls ftpDownload Files Recursively
Passive Mode
wget --mirror "ftp://anonymous:anonymous@<TARGET>"Active Mode
wget --mirror --no-passive-ftp "ftp://anonymous:anonymous@<TARGET>"Special Chars in Credentials
wget --mirror [--no-passive-ftp] --user '<USER>' --password '<PASSWORD>' "ftp://<TARGET>"wget --mirror [--no-passive-ftp] --ftp-user='<USER>' --ftp-password='<PASSWORD>' "ftp://<TARGET>"Bruteforcing || Password Spraying
Hydra
Bruteforcing
- One User β Password List
hydra -l <USER> -P <PASSWD_LIST> -v -T <THREADS> ftp://<TARGET>:<PORT>User List β Password List
hydra -L <USER_LIST> -P <PASSWD_LIST> -v -T <THREADS> ftp://<TARGET>:<PORT>Password Spraying
hydra -L <USER_LIST> -p <PASSWORD> -v -T <THREADS> ftp://<TARGET>:<PORT>Medusa
Bruteforcing
One User β Password List
medusa -u <USER> -P <PASSWD_LIST> -h <TARGET> -M <MODULE>User list β Password List
medusa -U <USER_LIST> -P <PASSWD_LIST> -h <TARGET> -M <MODULE>Password Spraying
medusa -U <USER_LIST> -p <PASSWORD> -h <TARGET> -M <MODULE>