Skip to content

Introduction

FTP (File Transfer Protocol) is a network protocol used to transfer files between a client and a server over a TCP network. It supports file uploads, downloads, and directory management, using separate control and data channels for commands and file data. FTP can allow anonymous or authenticated access with a username and password.

Downloading Files

Overview of commands for downloading files from an FTP server using various tools.

Command Description
wget -r ftp://[USERNAME]:@[TARGET-IP] downloads all files from the FTP server, useful for complete directory downloads.
wget -m --no-passive ftp://[USERNAME]:[PASSWORD]@[TARGET-IP] Mirrors the entire FTP site, downloading all available files and directories, preserving the server structure.
ftp [TARGET-IP] then binary and get [FILE-NAME] Connects to an FTP server, switches to binary mode for data integrity, and downloads a specified file.
curl -O ftp://[USERNAME]:[PASSWORD]@[TARGET-IP]/PATH/TO/FILE_OR_DIR Downloads a specific file or directory from the FTP server, using curl for precise retrieval.
Tips & Tricks

Check if anonymous:anonymous FTP is enabled.

Transferring Files

Commands for setting up an FTP server and uploading files.

Command Description
python3 -m pyftpdlib -p 21 Starts an FTP server on port 21 using Python pyftpdlib, convenient for quick setups on local networks.
ftp [TARGET-IP] then binary and put [FILE-TO-UPLOAD] Connects to an FTP server and uploads a file after switching to binary mode to preserve file integrity.

Brute-Forcing FTP Credentials

Scenario Command
Unknown User hydra -L user.txt -p "Password" -f [TARGET-IP] ftp
Unknown Password hydra -l user -P /opt/rockyou.txt -f [TARGET-IP] ftp
Unknown User and Password hydra -L user.txt -P /opt/rockyou.txt -f [TARGET-IP] ftp
Different Port hydra -l user -P /opt/rockyou.txt -f [TARGET-IP] ftp -s 9999

Nmap Nse Scripts

Nmap NSE scripts specifically designed for FTP to discover vulnerabilities or gather information.

Command Description
ls /usr/share/nmap/scripts/ \| grep "ftp" Lists available Nmap scripts that are specifically related to FTP, aiding in targeted vulnerability scanning.
nmap -p 21 --script ftp* [TARGET-IP] Executes FTP-related Nmap scripts against a target IP on port 21 for comprehensive vulnerability scanning and information gathering.