📂FTP Enumeration
FTP (File Transfer Protocol) is a standard network protocol used to transfer files between a client and a server over a TCP/IP network. It allows users to upload, download, and manage files on a remote server, often used for website maintenance, data sharing, and file storage. It has two modes: "active" and "passive," and it uses two ports: 21 for control (commands) and 20 for data transfer. FTP helps upload, download, and manage files on remote servers, like moving files to and from websites.
FTP: Brute forcing attacks on FTP
This command employs Hydra to perform a brute-force attack on an FTP service on the target using a list of usernames and passwords.
hydra -L <username_list_path> -P <pass_list_path> <target> ftp
FTP: Nmap Enumeration Scripts
You can also use nmap
to perform brute-force attacks on FTP services. Below are a few common scripts for FTP enumeration:
ftp-anon
: Checks for anonymous FTP login.
nmap --script ftp-anon -p 21 target-ip
ftp-brute
: Performs a brute-force attack on FTP passwords.
nmap --script ftp-brute -p 21 target-ip
ftp-bounce
: Exploits FTP bounce attacks to port scan.
nmap --script ftp-bounce -p 21 target-ip
ftp-vsftpd-backdoor
: Checks for the presence of the VSFTPD backdoor vulnerability.
nmap --script ftp-vsftpd-backdoor -p 21 target-ip
ftp-anon
: Checks for anonymous FTP login.
nmap --script ftp-anon -p 21 target-ip
ftp-syst
: Retrieves system information from the FTP server.
nmap --script ftp-syst -p 21 target-ip
Hacker's Mantra:
Passwords are like underwear. Don’t let people see it, change it very often, and you shouldn’t share it with strangers. - Chris Pirillo
Last updated
Was this helpful?