FTP Enumeration

FTP Enumeration

Navigation

Sections in This Note


FTP Enumeration

FTP uses TCP port 21 and facilitates file sharing between a server and clients. We can use multiple auxiliary modules to enumerate information and perform brute-force attacks. FTP authentication uses a username/password combination, though improperly configured servers can sometimes be accessed anonymously.

Using Terminal

Find version of FTP
nmap -p21 -sV -O (IPAddress)

# Brute force
hydra -L /usr/share/metasploit-framework/data/wordlists/common_users.txt -P /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt 192.67.22.3 -t 4 ftp

# Find whether anonymous login is allowed
nmap (IPaddress) -p21 --script ftp-anon

Using MSF

# Service version of FTP
use auxiliary/scanner/ftp/ftp_version
set RHOSTS (IPaddress)
run

# Bruteforce attack on FTP
use auxiliary/scanner/ftp/ftp_login
set RHOSTS (IPAddress)
set USER_FILE /usr/share/metasploit-framework/data/wordlists/common_users.txt
set PASS_FILE /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt
run

# Check if anonymous logons are allowed
use auxiliary/scanner/ftp/anonymous
set RHOSTS (IPAddress)
run
Powered by Forestry.md