21 - FTP
Many FTP-servers allow anonymous users. These might be badly configured and give too much access, and anonymous access is sometimes required for exploits. Always try to log in with anonymous:anonymous
, anonymous:
(blank password) or anonymous:password
!
FTP has two modes: Binary and ASCII. Keep this in mind to avoid file corruption!
Nmap scripts:
nmap -sV -Pn -vv -p <PORT> --script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221 <IP-ADDRESS>
Hydra brute force attack:
hydra -s <PORT> -C <path/to/wordlist.txt> -u -f <IP-ADDRESS> ftp
Last updated