FTP

  • File transfer protocol

  • usually credentials are needed for FTP

  • FTP is clear text so could be sniffed

TFTP

  • Trivial file transfer protocol

  • does not provide user auth

  • uses UDP

  • provides access based only on the read write permissions of a file in the OS

  • used exclusibely in directories and with files that have been shared with alluses and can be read and written globally

  • may only be used in local and protected networks

vsftp

  • config file at /etc/vsftpd.conf

  • user list at /etc/ftpusers

dangerous settings

anonymous_enable=YES

anon_upload_enable=YES

anon_mkdir_write_enable=YES

no_anon_password=YES

anon_root=/home/username/ftp

write_enable=YES

download all available files

wget -m --no-passive ftp://anonymous:anonymous@<ip>

Nmap

update scripts

nmap --script-updatedb

find scripts for ftp

find / -type f -name ftp* 2>/dev/null | grep scripts

service interaction

nc -nv <ip> 21

telnet <ip> 21

openssl s_client -connect <ip>:21 -starttls ftp

PreviousFootprintingNextSMB

Last updated