# 21 - FTP \*Consider using FileZilla ### Anonymous FTP username: anonymous password: blank **Login using Anonymous:** ``` root@Kali:~/# ftp 10.10.10.98 Connected to 10.10.10.98. 220 Microsoft FTP Service Name (10.10.10.98:root): anonymous 331 Anonymous access allowed, send identity (e-mail name) as password. Password: 230 User logged in. Remote system type is Windows_NT. ftp> dir 200 PORT command successful. 125 Data connection already open; Transfer starting. 08-23-18 08:16PM Backups 08-24-18 09:00PM Engineer 226 Transfer complete. ftp> exit 221 Goodbye. ``` ### Nmap Port scan using nmap ``` nmap -p 21 --script ftp-* 10.10.10.98 PORT STATE SERVICE VERSION 21/tcp open ftp Microsoft ftpd | ftp-anon: Anonymous FTP login allowed (FTP code 230) |_Can't get directory listing: TIMEOUT | ftp-syst: |_ SYST: Windows_N ``` ### Download everything from FTP server ``` root@Kali:~/# wget -m --no-passive ftp://anonymous:anonymous@10.10.10.98 --2019-03-04 17:00:50-- ftp://anonymous:*password*@10.10.10.98/ => ‘10.10.10.98/.listing’ Connecting to 10.10.10.98:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD not needed. ==> PORT ... done. ==> LIST ... done. 10.10.10.98/.listing [ <=> ] 97 --.-KB/s in 0s ==> PORT ... done. ==> LIST ... done. 10.10.10.98/.listing [ <=> ] 97 --.-KB/s in 0s 2019-03-04 17:00:50 (9.16 MB/s) - ‘10.10.10.98/.listing’ saved [194] --2019-03-04 17:00:50-- ftp://anonymous:*password*@10.10.10.98/Backups/ => ‘10.10.10.98/Backups/.listing’ ==> CWD (1) /Backups ... done. ==> PORT ... done. ==> LIST ... done. ``` ### Connect on a non-standard port ``` root@kali:~# ftp ftp> open 192.148.210.3 134 Connected to 192.148.210.3. 220 (vsFTPd 3.0.3) Name (192.148.210.3:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. -rw-r--r-- 1 ftp ftp 33 Jun 26 13:57 flag 226 Directory send OK. ``` ### Metasploit module: `auxiliary/scanner/ftp/ftp_login` `use auxiliary/scanner/ftp/anonymous` `auxiliary/scanner/ftp/ftp_version` ## Create FTP server On a linux host start a FTP: ``` apt-get install python3-pyftpdlib python3 -m pyftpdlib -p 21 -w ``` Or use metasploit: ``` msf > use auxiliary/server/ftp ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/ftp.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.