21-FTP

vsftpd default path (cat /etc/vsftpd.conf | grep -v "#") Details in [[obsidian-git-sync/CERT/HTB_CPTS/Academy/02. Information Gathering/11. Footprinting/Footprinting]]

to download files

//Download All Available Files
wget -m --no-passive ftp://anonymous:anonymous@10.129.14.136

find / -type f -name ftp* 2>/dev/null | grep scripts

sudo nmap -sV -p21 -sC -A 10.129.14.136

sudo nmap -sV -p21 -sC -A 10.129.14.136 --script-trace

openssl s_client -connect 10.129.14.136:21 -starttls ftp

ls -R //recursive listing

tree .

put testupload.txt

//Service Interaction
telnet 10.129.14.136 21
nc -nv 10.129.14.136 21

vsFTPd Config File

cat /etc/vsftpd.conf | grep -v "#"

Setting	Description
listen=NO	Run from inetd or as a standalone daemon?
listen_ipv6=YES	Listen on IPv6 ?
anonymous_enable=NO	Enable Anonymous access?
local_enable=YES	Allow local users to login?
dirmessage_enable=YES	Display active directory messages when users go into certain directories?
use_localtime=YES	Use local time?
xferlog_enable=YES	Activate logging of uploads/downloads?
connect_from_port_20=YES	Connect from port 20?
secure_chroot_dir=/var/run/vsftpd/empty	Name of an empty directory
pam_service_name=vsftpd	This string is the name of the PAM service vsftpd will use.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem	The last three options specify the location of the RSA certificate to use for SSL encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

---

Service Interaction

nc -nv 10.129.14.136 21

telnet 10.129.14.136 21

It looks slightly different if the FTP server runs with TLS/SSL encryption. Because then we need a client that can handle TLS/SSL. For this, we can use the client openssl and communicate with the FTP server. The good thing about using openssl is that we can see the SSL certificate, which can also be helpful.

openssl s_client -connect 10.129.14.136:21 -starttls ftp