File Transfer Protocol

Anonymous Access

Check for anonymous login guest, ftp, anonymous, anonymous@anonymous.com

ftp $ip

File Download

Type "passive" if needed to remove passive mode to be able to continue to access ftp. type "binary" first then get to download files

ftp> passive
ftp> binary

Recursively download files via ftp

wget -r ftp://user:pass@ip/

If you find password-protected zip files use zip2john followed by john the hash

zip2john file.zip >> hashes.txt
john hashes.txt

File upload remote code execution

If ftp allows uploading of files and the webserver has an local file inclusion vulnerability you can upload a php shell and call the file from the webserver to gain a reverse shell maybe it’ll have functionality that auto-executes uploaded files periodically.

ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution

Meta Data

Extract meta data and may contain email addresses

exiftool file

PreviousSimple Mail Transfer Protocol NextDomain Name Service

Last updated 1 year ago