FTP 21

FTP Scanning and Enumeration Techniques

FTP (File Transfer Protocol) is used for file transfers between a client and a server. Here are the methods for scanning and enumerating FTP services.

FTP Overview:

  • Default Port: 21

  • Protocol: FTP is a plain-text protocol whose command lines are terminated with CRLF (0x0d 0x0a). Debugging by hand therefore often requires telnet or nc -C, which sends CRLF line endings.

Enumeration Techniques:

  1. Banner Grabbing:

    • Use nc or openssl to grab the banner from the FTP server.

    • Example:

      nc -vn <IP> 21
      openssl s_client -connect <IP>:21 -starttls ftp  # Get certificate if any

  2. Unauthenticated Enumeration with Nmap:

    • Use nmap to gather information about the FTP service and version.

      sudo nmap -sV -p21 -sC -A <IP>

  3. FTP Commands:

    • Use the following commands to gather information about the FTP server:

      • HELP: Lists all supported commands.

      • FEAT: Displays FTP features supported by the server.

    • Example:

      HELP
      FEAT

  4. Anonymous Login:

    • Attempt anonymous login to access the FTP server. Example:

      ftp <IP>
      >anonymous
      >anonymous
      >ls -a

  5. Automated Enumeration with Nmap Scripts:

    • Use nmap with FTP scripts to check for anonymous login and other FTP-related vulnerabilities. Example:

      nmap --script "ftp-*" -p 21 <IP>

  6. Browser-based FTP Access:

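    • Access FTP through a browser, which is useful for quickly testing FTP connections. Current Chrome and Firefox releases no longer include FTP support, so this works only in clients that still handle ftp:// URLs. Example: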

      ftp://anonymous:anonymous@<IP>
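
Added example (not part of the original notes): a Python parser for the control-channel replies returned by the banner grab and FEAT steps above, run on a constructed capture. It handles multi-line replies and reports whether the greeting discloses a version string and whether AUTH TLS is advertised; the `audit` helper and the sample hostname are hypothetical.

```python
import re

# Constructed capture of an FTP control channel: greeting, then a FEAT reply.
SAMPLE = (b"220 ftp.example.test FTP server ready\r\n"
          b"211-Features:\r\n AUTH TLS\r\n PBSZ\r\n PROT\r\n UTF8\r\n211 End\r\n")

def parse_replies(raw: bytes):
    """Split CRLF-delimited reply text into (code, [lines]) tuples.

    A multi-line reply opens with 'NNN-' and closes with 'NNN ' (RFC 959).
    """
    replies, code, lines = [], None, []
    for line in raw.decode("latin-1").split("\r\n"):
        if code is None:
            if not line:
                continue  # empty piece after the final CRLF
            m = re.match(r"(\d{3})([ -])(.*)", line)
            if not m:
                raise ValueError(f"malformed reply line: {line!r}")
            if m.group(2) == " ":
                replies.append((int(m.group(1)), [m.group(3)]))
            else:
                code, lines = m.group(1), [m.group(3)]
        elif line.startswith(code + " "):
            replies.append((int(code), lines + [line[4:]]))
            code, lines = None, []
        else:
            lines.append(line.strip())
    if code is not None:
        raise ValueError("capture ends inside a multi-line reply")
    return replies

def audit(raw: bytes):
    """Summarise what the greeting and FEAT reply disclose (hypothetical helper)."""
    replies = parse_replies(raw)
    banner = " ".join(next((l for c, l in replies if c == 220), []))
    feat = next((l for c, l in replies if c == 211), [])
    feats = sorted(f.upper() for f in feat[1:-1] if f)  # skip header and "End"
    return {
        "banner": banner,
        # Heuristic (assumption): a dotted number in the greeting is a version.
        "banner_has_version": bool(re.search(r"\d+\.\d+", banner)),
        "tls_offered": any(f.startswith("AUTH ") for f in feats),
        "features": feats,
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A greeting that carries a version and a FEAT list without AUTH are the two findings to raise with the server owner: the first helps fingerprinting, the second means credentials cross the network in clear text.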

Useful Tools for Scanning:

  • Nmap: For version detection, script scanning, and brute-force checks.

  • Hydra: For brute-forcing FTP credentials.
