21-FTP

vsftpd default path (cat /etc/vsftpd.conf | grep -v "#") Details in [[obsidian-git-sync/CERT/HTB_CPTS/Academy/02. Information Gathering/11. Footprinting/Footprinting]]

to download files

//Download All Available Files
wget -m --no-passive ftp://anonymous:anonymous@10.129.14.136
find / -type f -name ftp* 2>/dev/null | grep scripts

sudo nmap -sV -p21 -sC -A 10.129.14.136

sudo nmap -sV -p21 -sC -A 10.129.14.136 --script-trace

openssl s_client -connect 10.129.14.136:21 -starttls ftp
ls -R //recursive listing

tree .

put testupload.txt
//Service Interaction
telnet 10.129.14.136 21
nc -nv 10.129.14.136 21

vsFTPd Config File

cat /etc/vsftpd.conf | grep -v "#"
SettingDescription

listen=NO

Run from inetd or as a standalone daemon?

listen_ipv6=YES

Listen on IPv6 ?

anonymous_enable=NO

Enable Anonymous access?

local_enable=YES

Allow local users to login?

dirmessage_enable=YES

Display active directory messages when users go into certain directories?

use_localtime=YES

Use local time?

xferlog_enable=YES

Activate logging of uploads/downloads?

connect_from_port_20=YES

Connect from port 20?

secure_chroot_dir=/var/run/vsftpd/empty

Name of an empty directory

pam_service_name=vsftpd

This string is the name of the PAM service vsftpd will use.

rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem

The last three options specify the location of the RSA certificate to use for SSL encrypted connections.

rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

ssl_enable=NO

Service Interaction

nc -nv 10.129.14.136 21

telnet 10.129.14.136 21

It looks slightly different if the FTP server runs with TLS/SSL encryption. Because then we need a client that can handle TLS/SSL. For this, we can use the client openssl and communicate with the FTP server. The good thing about using openssl is that we can see the SSL certificate, which can also be helpful.

openssl s_client -connect 10.129.14.136:21 -starttls ftp

PreviousFootprinting Cheat sheetNext161-SNMP

Last updated