# Exploiting FTP - Linux

## Exploiting FTP

* FTP (File Transfer Protocol) is a protocol that uses TCP port 21 and is used to facilitate file sharing between a server and client/clients.
* It is also frequently used as a means of transferring files to and from the directory of a web server.
* FTP authentication requires a username and password combination. As a result, we can perform a brute-force attack on the FTP server in order to identify legitimate credentials.
* In some cases, FTP servers may be configured to allow anonymous access, which allows anyone to access the FTP server without providing any legitimate credentials.

## **Attack Flow for Exploiting FTP Service with Hydra**

### 1. **Gather Credentials**

**Objective:** Prepare lists of potential usernames and passwords for the brute-force attack.

**Description:** Create two text files:

* **Username List:** A file with possible usernames for the FTP service.
* **Password List:** A file with potential passwords for the FTP service.

### 2. **Perform a Brute-Force Attack on FTP Service**

**Objective:** Execute a brute-force attack to find valid FTP credentials.

**Tool:** Hydra

**Command:**

```bash
hydra -L <username_list_path> -P <pass_list_path> <target> ftp
```

**Description:** This command tells Hydra to perform a brute-force attack against the FTP service on the target system.

* **`-L <username_list_path>`**: Path to the file containing a list of usernames.
* **`-P <pass_list_path>`**: Path to the file containing a list of passwords.
* **`<target>`**: IP address or hostname of the FTP server.
* **`ftp`**: Specifies the FTP service for Hydra to target.
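
Seen from the server, the brute-force run above is a burst of failed logins from one client, sometimes followed by a success. The following is an added example, not part of the original page: it flags that burst, a login that follows it, and anonymous sessions, assuming a vsftpd-style log line format. The sample lines, addresses, account names and thresholds are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in vsftpd.log style (assumed format; documentation-range IPs).
SAMPLE_LOG = """\
Mon Mar  4 10:00:01 2024 [pid 4101] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Mar  4 10:00:02 2024 [pid 4103] [root] FAIL LOGIN: Client "203.0.113.7"
Mon Mar  4 10:00:03 2024 [pid 4105] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Mar  4 10:00:04 2024 [pid 4107] [backup] FAIL LOGIN: Client "203.0.113.7"
Mon Mar  4 10:00:05 2024 [pid 4109] [backup] FAIL LOGIN: Client "203.0.113.7"
Mon Mar  4 10:00:06 2024 [pid 4111] [backup] OK LOGIN: Client "203.0.113.7"
Mon Mar  4 10:05:10 2024 [pid 4120] [alice] FAIL LOGIN: Client "198.51.100.20"
Mon Mar  4 10:05:20 2024 [pid 4122] [alice] OK LOGIN: Client "198.51.100.20"
Mon Mar  4 10:07:00 2024 [pid 4130] [ftp] OK LOGIN: Client "192.0.2.55", anon password "x@example.com"
"""

LINE_RE = re.compile(r'^(?P<ts>\w{3} \w{3} +\d{1,2} [\d:]{8} \d{4}) \[pid \d+\] '
                     r'\[(?P<user>[^\]]*)\] (?P<res>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')
ANON_USERS = {"ftp", "anonymous"}  # assumed account names for anonymous sessions


def analyze(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (kind, client_ip, detail) alerts for brute force and anonymous logins."""
    failures = defaultdict(deque)   # ip -> timestamps of failures inside the window
    bursting = set()                # ips that already crossed the threshold
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # not a login record (transfers, connects, ...)
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip, user = m["ip"], m["user"]
        if m["res"] == "FAIL":
            q = failures[ip]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in bursting:
                bursting.add(ip)
                detail = f"{len(q)} failed logins within {int(window.total_seconds())}s"
                alerts.append(("brute-force", ip, detail))
        elif user in ANON_USERS:
            alerts.append(("anonymous-login", ip, user))
        elif ip in bursting:        # the guessing client found valid credentials
            alerts.append(("login-after-brute-force", ip, user))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a success, as with the constructed `alice` lines, stays below the threshold and raises no alert.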

### 4. **Access the FTP Service**

**Objective:** Use the obtained credentials to access the FTP server.

**Tool:** FTP Client (e.g., `ftp` command, FileZilla)

**Command:**

```bash
ftp <target>
```

**Description:** Connect to the FTP server and, when prompted, log in with the valid credentials found by the Hydra brute-force attack.

### 5. **Explore the FTP Server**

**Objective:** Investigate the FTP server for sensitive files or information.

**Tool:** FTP Client Commands (e.g., `ls`, `cd`, `get`, `put`)

**Description:** Use FTP client commands to navigate directories, download files, or upload data on the FTP server.

**Example Commands:**

* **List files:** `ls`
* **Change directory:** `cd <directory>`
* **Download file:** `get <filename>`
* **Upload file:** `put <filename>`

***


**Hacker's Mantra:** *I really didn’t understand why hackers would want to hack into a classroom. Are they going to learn algebra? Maybe calculus?* - Eric Yuan
