FValkyrie_17's Infosec Notes
  • 1nf05EC N0TE5
  • Networking and Network Security
    • Security Models
    • Host Discovery
    • Port Scanning - Service and OS Discovery
    • Port Scanning - Common Firewall and IDS Evasion
    • Naming/Name Service and Directory Service
    • DNS
      • DNS Basics
      • DNS Pentest
    • NetBIOS
      • NetBIOS Basics
      • NetBIOS Pentest
    • BGP(Border Gateway Protocol) and AS Numbers (Autonomous System Numbers)
    • MS-RPC (Remote Procedure Call)
    • SMB (Server Message Block)
      • Basics of SMB
      • SMB Pentesting
    • LDAP (Lightweight Directory Access Protocol)
      • LDAP Working
      • LDAP Exploitation
    • RDP (Remote Desktop Protocol) and VNC (Virtual Network Computing)
    • Telnet (Teletype Network Protocol)
    • FTP (File Transfer Protocol)
    • NFS (Network File System)
    • SSH (Secure Socket Shell)
      • Port Forwarding Primer
    • SQL servers
      • MS-SQL (Microsoft SQL Service)
      • MySQL
    • Hydra Cheat Sheet
    • SMTP
    • SLP (Service Location Protocol)
    • SNMP
      • SNMP Basics
      • SNMP Pentest
    • NTP
    • File Transfer Primers
    • Regex 101
  • Make your dumb netcat shell interactive and awesome
  • Metasploit Primer
    • Important Terminologies
    • Working with Metasploit Database
  • Reverse Engineering 101
    • x86-64 assembly tutorial
      • Introduction to x86-64
  • Web Application Security
    • Security Policies
      • Same Origin Policy
      • Security Headers
        • CSP (Content Security Policy)
        • HSTS (Strict-Transport-Security Header)
        • X-Content-Type-Options
        • X-Frame-Options
        • Referrer-Policy
    • Authentication Bypass
  • Linux Privilege Escalation
    • Permissions in Linux
    • Enumeration
    • Using files with SUID/SGID permission set
    • Using Kernel Exploits
    • Using Service Exploits
    • Exploiting Weak File Permissions
    • Exploiting Sudo
    • Cron Jobs
  • windows privilege escalation
    • Windows Basics
    • PsTools Primer
    • Persistence Techniques
  • Android application security testing
    • Setting it Up
      • Installing Android SDK and emulator
      • Setting up Frida-Server on Android Device
  • HTB writeups
    • Archetype (HTB Starting Point 2x1)
    • Oopsie (HTB Starting Point 2x2)
    • Lame
    • Jerry
  • THM writeups
    • Vulnuniversity
  • Preparation Notes
    • CEH Practical Prep Notes
Powered by GitBook
On this page
  • FTP runs on TCP port 21
  • How does FTP work?
  • Enumerating FTP
  • Exploiting FTP

Was this helpful?

  1. Networking and Network Security

FTP (File Transfer Protocol)

File Transfer Protocol (FTP) is, as the name suggests, a protocol used to allow remote transfer of files over a network. It uses a client-server model to do this, and- as we'll come on to later- relays commands and data in a very efficient way.

FTP runs on TCP port 21

How does FTP work?

A typical FTP session operates using two channels:

  • a command (sometimes called the control) channel - is used for transmitting commands as well as replies to those commands.

  • a data channel - is used for transferring data.

FTP operates using a client-server protocol. The client initiates a connection with the server, the server validates whatever login credentials are provided and then opens the session. While the session is open, the client may execute FTP commands on the server.

FTP servers and FTP clients use the FTP protocol. There are various FTP server software that you can select from if you want to host your FTP file server. Examples of FTP server software include:

  • vsftpd

  • ProFTPD

  • uFTP

For FTP clients, in addition to the console FTP client commonly found on Linux systems, you can use an FTP client with GUI such as FileZilla. Some web browsers also support FTP protocol.

Because FTP sends the login credentials along with the commands and files in cleartext, FTP traffic can be an easy target for attackers.

Enumerating FTP

nmap -sV [ip] -p 21

Exploiting FTP

FTP anonymous Login

username: anonymous password: <blank>

Password cracking with Hydra

Let's say we have a user Dale, whose password we wanna find on a particular ftp server. We use the sample command as shown below:

hydra -t 4 -l "dale" -P /usr/share/wordlists/rockyou.txt -vV 10.10.10.6 ftp

PreviousTelnet (Teletype Network Protocol)NextNFS (Network File System)

Last updated 8 months ago

Was this helpful?