FTP
Table of Contents
- Basic FTP Overview
- Enumeration Techniques
- Advanced Techniques
- Exploitation Scenarios
- Combining Tools
- Glossary
Basic FTP Overview
FTP Protocol Basics
FTP (File Transfer Protocol) is one of the oldest protocols used to transfer files between a client and server. It operates in the application layer of the TCP/IP protocol stack.
- Control Channel: Uses TCP port 21 for commands and responses.
- Data Channel: Uses TCP port 20 for file transfers.
Key Features:
- Support for file uploads and downloads.
- Directory management commands.
- Clear-text protocol (no encryption unless explicitly configured with TLS/SSL).
Active vs Passive FTP
- Active Mode:
- The client connects to the server’s port 21.
- The server connects back to a port specified by the client.
- Issues with firewalls blocking server-initiated connections.
- Passive Mode:
- The client initiates both control and data connections.
- The server specifies a port for the client to connect to.
- Resolves firewall-related issues.
FTP Status Codes
Common Codes:
220: Service ready for a new user.230: User logged in successfully.530: Authentication required.550: Action not permitted.
Enumeration Techniques
Anonymous FTP Login
Some FTP servers allow anonymous logins for public access.
Command:
ftp TARGET_IP
Example:
Name: anonymous
Password: (leave blank or use your email)
Output:
230 Login successful.
Directory and File Analysis
After logging into the FTP server, you can navigate the directories and retrieve files.
Commands:
ls: Lists the contents of the current directory.cd [directory]: Changes to a specified directory.get [file]: Downloads a file from the server.
Example:
ftp> ls
ftp> cd Documents
ftp> get report.pdf
Advanced Techniques
Recursive Directory Listing
Some FTP servers support recursive directory listing, which provides a complete structure of the files available.
Command:
ls -R
Output:
/:
- file1.txt
/dir1:
- file2.txt
Using Debugging Commands
Enable debugging for detailed information about FTP transactions.
Commands:
debug: Toggles debugging mode.trace: Enables packet tracing.
Example:
ftp> debug
Debugging on (debug=1).
ftp> ls
Exploitation Scenarios
Uploading Exploit Files
Misconfigured FTP servers may allow users to upload files. This can lead to potential exploitation, such as uploading malicious scripts.
Commands:
-
Create a file locally:
echo "Test content" > testfile.txt -
Upload it to the server:
put testfile.txt
Exploiting Misconfigured Permissions
If files or directories have writable permissions, attackers can modify or delete content.
Command:
chmod 777 [file]
Example:
ftp> chmod 777 testfile.txt
Combining Tools
Using Nmap with FTP
Nmap’s scripting engine can provide detailed information about FTP servers.
Command:
nmap -sV -p21 --script ftp-anon TARGET_IP
Example Output:
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed
|_Directory listing: /public
Integrating FTP with Scripting
Automate FTP interactions with scripts.
Example Script:
#!/bin/bash
ftp -n TARGET_IP <<END_SCRIPT
quote USER anonymous
quote PASS
ls
quit
END_SCRIPT
Glossary
| Term | Definition |
|---|---|
| FTP | File Transfer Protocol for transferring files. |
| Passive Mode | Client initiates both control and data connections. |
| Active Mode | Server connects to the client for the data connection. |
| Anonymous Login | FTP access without authentication credentials. |
| Debugging | Detailed information about commands and responses. |
| Recursive Listing | List directories and subdirectories with their contents. |