Translate

Monday, 7 October 2019

OSCP- Enumeration FTP


FTP- File Transfer Protocol

Port number- 20 --> Data Transfer
                      21 --> Control

FTP protocol is used to transfer files from one machine to another machine. We can easily transfer data from one machine to another machine. It works in Client-Server model ie. file from Server will be transferred to the Client.


Famous FTP servers are: ProFTPD, vsftpd, PureFTPd, FileZilla. etc

Connect to a FTP server:

ftp <ip victim>
nc -nv <ip victim>



How to exploit an FTP server:


1. Try using default credentials
           anonymous: anonymous
           admin: admin
           administrator: administrator


2.  Enumeration

      nmap

f–script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum,ftp-default,ftp-user-enum
3. Finding exploits
           Common exploits for RCE, Directory Traversal, Credential Disclosure, Arbitrary File upload, SQL Injection, and Buffer Overflow.

   search for exploits
           searchsploit <web server name, version>
           https://www.exploit-db.com/



4. Brute Force


medusa -h 10.10.10.10 -u user -P passwords.txt -M ftp 
hydra -s [PORT] -C ./wordlists/ftp-default-userpass.txt -u -f [IP] ftp






Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)