The File Transfer Protocol is a standard network protocol used for the transfer of computer files between a client and server on a computer network. FTP is built on a client-server model architecture using separate control and data connections between the client and the server.

Default Port: 21

Enumeration

Using nmap –

nmap -p 21 -sV

Using metasploit –

use auxiliary/scanner/ftp/ftp_version

set rhosts

exploit

Browser connection

You can connect to a FTP server using a browser (like Firefox) using a URL like:

ftp://anonymous:anonymous@10.10.10.98

Download all files from FTP

wget -m ftp://anonymous:anonymous@10.10.10.98 #Donwload all

wget -m –no-passive ftp://anonymous:anonymous@10.10.10.98 #Download all

Try Anonymous Login

use auxiliary/scanner/ftp/anonymous

msf auxiliary(anonymous) >set rhosts 192.168.0.106

msf auxiliary(anonymous) >exploit

Enumerating FTP Banner

use auxiliary/scanner/ftp/ftp_version

msf auxiliary(ftp_version) > set rhosts 192.168.0.106

msf auxiliary(ftp_version) > exploit

FTP Brute force Attack

use auxiliary/scanner/ftp/ftp_login

msf auxiliary(ftp_login) > set rhosts 192.168.01.106

msf auxiliary(ftp_login) > set user_file /root/Desktop/user.txt

msf auxiliary(ftp_login) > set pass_file /root/Desktop/pass.txt

msf auxiliary(ftp_login) > set stop_on_success true

msf auxiliary(ftp_login) > exploit

Using hydra:

hydra -L users.txt -P passwords.txt -t 3 -s 21 IP ftp

Some FTP commands

• USER username
• PASS password
• HELP The server indicates which commands are supported
• PORT 127,0,0,1,0,80This will indicate the FTP server to establish a connection with the IP 127.0.0.1 in port 80 (you need to put the 5th char as “0” and the 6th as the port in decimal or use the 5th and 6th to express the port in hex).
• EPRT |2|127.0.0.1|80|This will indicate the FTP server to establish a TCP connection (indicated by “2”) with the IP 127.0.0.1 in port 80. This command supports IPv6.
• LIST This will send the list of files in current folder
• APPE /path/something.txt This will indicate the FTP to store the data received from a passive connection or from a PORT/EPRT connection to a file. If the filename exists, it will append the data.
• STOR /path/something.txt Like APPE but it will overwrite the files
• STOU /path/something.txt Like APPE, but if exists it won’t do anything.
• RETR /path/to/file A passive or a port connection must be establish. Then, the FTP server will send the indicated file through that connection
• REST 6 This will indicate the server that next time it send something using RETR it should start in the 6th byte.
• TYPE i Set transfer to binary
• PASV This will open a passive connection and will indicate the user were he can connects 

FTP hardening

Depends on software you are using for FTP server, specified options can be located in different places and with different names. Check steps below and find guides to configure your specific server software, after every change do not forget to restart your FTP server.

1. Disable anonymous login. Open your server configuration and do not allow connection for anonymous login. Only defined users with strong passwords should have access.
2. Hide banner. Changes configuration to hide name and version of software you are using.
3. Use SSL certificate to prevent credential stealing. SSL stands for Secure Sockets Layer, the protocol which provides secure, encrypted communications between server and client, this encrypt data packets traveling between server-client networks. If hacker will sniff your connection he will be not able to read captured information because entire data will show in the form of cipher text.
4. Set a threshold account lockout policy. For example, if within a minute the password is entered incorrectly three times then the account should be locked or if there are 5 incorrect connections from a given IP address within one minute, block the connection from this address for 24 hours. This can be done using firewall rules or software like ufw, portsentry or fail2ban.
5. Allow specific IP to connect to FTP server. Just create white-list of addresses which can connect to FTP server and block connections from other locations.
6. You can also change default port from 21 to 5021. Vulnerability scanners usually scan the default ports to perform an automatic reconnaissance and analyze a possible attack.