21 - FTP
When I see FTP Port Open:
Try FTP default creds - anonymous:anonymous / admin:admin
Once you log in, type passive and binary for file transfer modes.
If anonymous login -> create a payload, upload it and try to visit <IP>/exploit.asp
FTP Login:
ftp <username>@<IP>
Banner Grabbing:
nc -nv <IP> 21
Grab Cert:
openssl s_client -connect <IP>:21 -starttls ftp
Download all the files in share:
wget -m ftp://anonymous:anon@<IP>
Download all:
wget -m --no-passive ftp://:@<IP>
Different port:
ftp <IP> -P 3084
Bruteforce:
hydra [-L <users.txt> or -l <user_name>] [-P <pass.txt> or -p <password>] -f [-s <port>] ftp://<IP>
If it's a Microsoft server -> Try asp, aspx payloads. Try staged/stageless, x32/x64 payloads.
Check if we can overwrite stuff and upload files to make it work. Look at the permissions.
Look for hidden files, go back to a directory if you find anything, and look for creds in DB Files.
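The defender's view of the checks above, as an added example that is not part of the original notes: a small parser that flags anonymous logins, repeated failed logins, and .asp/.aspx uploads in an FTP server log. The log lines are constructed, and the W3C-style field set and the names parse, detect and fail_threshold are assumptions.

```python
from collections import Counter

# Constructed sample in IIS-style W3C layout; the field set shown is an assumption.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-port cs-method cs-uri-stem sc-status
2024-05-01 10:00:01 203.0.113.7 - 21 USER anonymous 331
2024-05-01 10:00:02 203.0.113.7 - 21 PASS *** 230
2024-05-01 10:00:09 203.0.113.7 anonymous 21 STOR /site/exploit.asp 226
2024-05-01 10:00:15 203.0.113.7 anonymous 21 STOR /site/notes.txt 226
2024-05-01 10:05:00 198.51.100.9 - 21 USER admin 331
2024-05-01 10:05:01 198.51.100.9 - 21 PASS *** 530
2024-05-01 10:05:03 198.51.100.9 - 21 PASS *** 530
2024-05-01 10:05:05 198.51.100.9 - 21 PASS *** 530
"""

SCRIPT_EXT = (".asp", ".aspx")           # types the web server would execute
UPLOAD_VERBS = {"STOR", "STOU", "APPE"}  # FTP commands that write a file


def parse(log):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in log.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def detect(log, fail_threshold=3):
    """Return sorted (finding, client_ip, detail) tuples."""
    findings, pending_user, failures = set(), {}, Counter()
    for r in parse(log):
        ip, verb = r.get("c-ip"), r.get("cs-method", "").upper()
        arg, status = r.get("cs-uri-stem", ""), r.get("sc-status", "")
        if verb == "USER":                       # remember the name being tried
            pending_user[ip] = arg.lower()
        elif verb == "PASS" and status == "230" and pending_user.get(ip) in ("anonymous", "ftp"):
            findings.add(("anonymous_login", ip, pending_user[ip]))
        elif verb == "PASS" and status == "530":  # 530 = not logged in
            failures[ip] += 1
        elif verb in UPLOAD_VERBS and status.startswith("2"):
            if arg.lower().endswith(SCRIPT_EXT):
                findings.add(("script_upload", ip, arg))
    findings |= {("failed_login_burst", ip, str(n)) for ip, n in failures.items() if n >= fail_threshold}
    return sorted(findings)


if __name__ == "__main__":
    print(*detect(SAMPLE_LOG), sep="\n")
```

A script_upload finding matters most when the FTP root overlaps a web root, since that is the condition under which the uploaded file becomes reachable over HTTP.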