21-FTP
vsftpd default path (cat /etc/vsftpd.conf | grep -v "#") Details in [[obsidian-git-sync/CERT/HTB_CPTS/Academy/02. Information Gathering/11. Footprinting/Footprinting]]
to download files
//Download All Available Files
wget -m --no-passive ftp://anonymous:anonymous@10.129.14.136
find / -type f -name ftp* 2>/dev/null | grep scripts
sudo nmap -sV -p21 -sC -A 10.129.14.136
sudo nmap -sV -p21 -sC -A 10.129.14.136 --script-trace
openssl s_client -connect 10.129.14.136:21 -starttls ftp
ls -R //recursive listing
tree .
put testupload.txt
//Service Interaction
telnet 10.129.14.136 21
nc -nv 10.129.14.136 21
vsFTPd Config File
cat /etc/vsftpd.conf | grep -v "#"
listen=NO
Run from inetd or as a standalone daemon?
listen_ipv6=YES
Listen on IPv6 ?
anonymous_enable=NO
Enable Anonymous access?
local_enable=YES
Allow local users to login?
dirmessage_enable=YES
Display active directory messages when users go into certain directories?
use_localtime=YES
Use local time?
xferlog_enable=YES
Activate logging of uploads/downloads?
connect_from_port_20=YES
Connect from port 20?
secure_chroot_dir=/var/run/vsftpd/empty
Name of an empty directory
pam_service_name=vsftpd
This string is the name of the PAM service vsftpd will use.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
The last three options specify the location of the RSA certificate to use for SSL encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
Service Interaction
nc -nv 10.129.14.136 21
telnet 10.129.14.136 21
It looks slightly different if the FTP server runs with TLS/SSL encryption. Because then we need a client that can handle TLS/SSL. For this, we can use the client openssl
and communicate with the FTP server. The good thing about using openssl
is that we can see the SSL certificate, which can also be helpful.
openssl s_client -connect 10.129.14.136:21 -starttls ftp
Last updated