Welcome, today I am writing about FTP Penetration Testing to help new students understand how the protocol works and how they can test the security of their lab.
FTP Protocol
FTP is used by system administrators and developers to transfer files between their machine and a remote server, its main purpose is to transfer files between hosts.
Client vs Server
FTP Commands
FTP Penetration Testing
Enumerating FTP
nmap --script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21 <ip>
nmap --script=ftp-* -p 21 10.10.10.1
Anonymous Login
FTP Bounce Attack
Attack FTP Misconfiguration Servers
Nowadays many people use the same server for a different type of services
Brute Force FTP
Brute force FTP servers are the most common attack on the Internet, can be done using a simple tool that tests the different combinations of usernames and passwords using wordlists against the FTP authentication system but if the username or password isn’t on those wordlists we fail.
It is necessary to create a custom wordlist for each company based on all data we collect during the recon phase.
Traffic Sniffing
tcpdump -i any ftp
FTP Banner Grabbing
nc <IP> 21
FTP Exploits
• ProFTPD-1.3.3c Backdoor
• ProFTPD 1.3.5 Mod_Copy Command Execution
• VSFTPD v2.3.4 Backdoor Command Execution