FTP
FTP Enumeration Cheat Sheet¶
Basic FTP Connection¶
| Options | Commands | Description |
|---|---|---|
ftp $target | Connect to the FTP server on the target machine | |
ftp $target 21 | Connect to the FTP server on a specific port (default is 21) | |
anonymous login | Use anonymous as the username to check for anonymous login | |
ftp -n $target | Connect to FTP without auto-login | |
--script="banner,(ftp* or ssl*) | nmap --script="banner,(ftp* or ssl*) $target | NSE scripts |
Common Commands¶
| Options | Commands | Description |
|---|---|---|
passive off | Disabele passive mode | |
ls or dir | List files and directories in the current FTP directory | |
get filename | Download a file from the FTP server | |
put filename | Upload a file to the FTP server (if permissions allow) |
FTP Banner Grabbing¶
| Options | Commands | Description |
|---|---|---|
nc $target 21 | Grab the FTP service banner using netcat | |
telnet $target 21 | Connect to FTP and grab the banner using telnet | |
-sV -p21 | nmap -sV -p21 $target | Perform service version detection on the FTP port with Nmap |
Brute Forcing FTP¶
| Options | Commands | Description |
|---|---|---|
-t 4 | hydra -t 4 -l admin -P passwords.txt ftp://$target | Brute force FTP login with Hydra using 4 threads |
-u -t 4 | medusa -h $target -U users.txt -P passwords.txt -M ftp -t 4 | Brute force FTP login with Medusa using user and password lists |
crackmapexec ftp $target -u users.txt -p passwords.txt | Brute force FTP login with CrackMapExec using user and password lists |