FTP
File Transfer Protocol
Uses
Port 20for Data andPort 21for Commands.It can use
UDPoverPort 69forTFTP.Always check for
anonymouslogin being enabled.
Basic Commands
Start the service:
ftp <IP>To login as any other user:
USER <user>To specify a password:
PASS <password>Download a file:
get <file>Upload a file:
put <file_path> <destination_path>Passive mode:
passiveChange the local directory for downloads:
lcd /home/<your-username>Exit the session:
quitTransferring files using
powershell:
(New-Object Net.WebClient).DownloadFile('ftp://192.168.49.128/file.txt', 'C:\Users\Public\ftp-file.txt')Upload a file using
powershell
PS C:\htb> (New-Object Net.WebClient).UploadFile('ftp://192.168.49.128/ftp-hosts', 'C:\Windows\System32\drivers\etc\hosts')If
anonymouslogin is enabled, usecurl:
curl -O ftp://<server-address>/path/to/fileTFTP
This is the default config file for TFTP --> tftpd-hpa
tftp <IP>Uses
binarymode for non-text files:
mode binaryUses
ASCIImode for text files:
mode asciiTo look for files in the
TFTProot:
find / -name file.txtEnumeration
Is always good practice to look for vulnerabilities:
searchsploit <version>Always check where you land:
pwdList directories:
dirSet a Python Server
First, Install the
Pythonmodule:
sudo pip3 install pyftpdlibThen, set the server:
sudo python3 -m pyftpdlib --port 21By default,
pyftpdlibusesPort 2121andanonymousauthentication is enabled by default if we don't set a user and password.
sudo python3 -m pyftpdlib --port 21 --writeCreate a command file
Is possible to create command files and execute then using the
-sflag:
ftp -v -n -s:ftpcommand.txtCopy this in to a file to create a script that will
downloada file:
open 192.168.49.128
USER anonymous
binary
GET file.txt
byeCopy this in to a file to create a script that will
uploada file to the server:
open 192.168.49.128
USER anonymous
binary
PUT c:\windows\system32\drivers\etc\hosts
byeLast updated