search

FTP

hashtag
Enumeration

Nmap default scripts -sC includes the ftp-anonarrow-up-right Nmap script which checks if a FTP server allows anonymous logins.

hashtag
Anonymous Authentication

$ ftp <IP>

Connected to 192.168.2.142.
220 (vsFTPd 2.3.4)
Name (192.168.2.142:kali): anonymous

enter empty password

hashtag
Protocol Specifics Attacks

hashtag
Bruteforcing

There are many different tools to perform a brute-forcing attack. Let us explore one of them, Medusaarrow-up-right.

With Medusa, we can use the option -u to specify a single user to target, or you can use the option -U to provide a file with a list of usernames.

The option -P is for a file containing a list of passwords.

We can use the option -M and the protocol we are targeting (FTP) and the option -h for the target hostname or IP address.

circle-info

Although we may find services vulnerable to brute force, most applications today prevent these types of attacks. A more effective method is Password Spraying.

hashtag
FTP Bounce Attack

An FTP bounce attack is a network attack that uses FTP servers to deliver outbound traffic to another device on the network. The attacker uses a PORT command to trick the FTP connection into running commands and getting information from a device other than the intended server.

The Nmap -b flag can be used to perform an FTP bounce attack:

Modern FTP servers include protections that, by default, prevent this type of attack, but if these features are misconfigured in modern-day FTP servers, the server can become vulnerable to an FTP Bounce attack.

PreviousAttacking Common ServicesNextSMB

Last updated