The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files between a client and server on a computer network.
Default Port: 21
PORT   STATE SERVICE
21/tcp open  ftp
nc -vn <IP> 21
In Active FTP, the FTP client first initiates the control connection from its port N to the FTP server's command port, port 21. The client then listens on port N+1 and sends the port number N+1 to the FTP server. The FTP server then initiates the data connection from its port M to port N+1 of the FTP client.
However, if the FTP client has a firewall set up that controls incoming data connections from outside, active FTP may be a problem. A feasible solution for that is Passive FTP.
In Passive FTP, the client initiates the control connection from its port N to port 21 of the FTP server. After this, the client issues a PASV command. The server then sends the client one of its port numbers, M, and the client initiates the data connection from its port P to port M of the FTP server.
anonymous : anonymous
ftp : ftp
ftp <IP>
>anonymous
>anonymous
>ls -a # List all files (even hidden) (yes, they could be hidden)
>binary #Set transmission to binary instead of ascii
>ascii #Set transmission to ascii instead of binary
>bye #exit
You can connect to an FTP server using a browser (like Firefox) with a URL like:
wget -m ftp://anonymous:email@example.com #Download all
wget -m --no-passive ftp://anonymous:firstname.lastname@example.org #Download all
Some FTP servers (almost all of them) allow the PORT command. This command can be used to tell the server that you want to connect to another FTP server at some port. You can then use this to scan which ports of a host are open through an FTP server.
You can also use this technique to make a bounce FTP server ask another bounce FTP server to download some file for you. This is useful if you know that the bounce FTP server has access to more files... Read this to know how
In modern FTP services you can use the command EPRT instead of PORT to make the FTP service connect to a different IP/port. This command also works with IPv6, so you can make the FTP service connect to your IPv6 address and you will capture the IPv6 address of the FTP machine (you can sometimes find the IPv6 side less protected than the IPv4 side).
#Connect to FTP and make the IPv6 connection
# nc -nv <FTP-IP> 21
USER mk7hlqMYr1b77DWuiZ1kPkNZc2Q1SRRg
PASS mk7hlqMYr1b77DWuiZ1kPkNZc2Q1SRRg
EPRT |2|dead:beef:2::1007|5995|
list

# nc -6lvnp 5995 # Wait for the connection
Listening on :: 5995
Connection received on dead:beef::250:56ff:feb9:627d 50598
Anonymous login and bounce FTP checks are performed by default by nmap with the -sC option.
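A defensive check for the PORT/EPRT behaviour described above, as an added example that is not part of the original page: it parses control-channel commands and flags any that point the data connection at an address other than the control-connection peer, or at a port below 1024. The function names and the sample events are constructed for illustration.

```python
import ipaddress

def parse_data_target(line):
    """Return (ip, port) requested by a PORT or EPRT command, else None."""
    verb, _, arg = line.strip().partition(" ")
    try:
        if verb.upper() == "PORT":      # PORT h1,h2,h3,h4,p1,p2
            n = [int(x) for x in arg.split(",")]
            if len(n) != 6 or any(not 0 <= x <= 255 for x in n):
                return None
            return ipaddress.ip_address(".".join(map(str, n[:4]))), n[4] * 256 + n[5]
        if verb.upper() == "EPRT":      # EPRT |proto|addr|port| (RFC 2428)
            _, _proto, addr, port, _ = arg.split(arg[0])
            if not 0 <= int(port) <= 65535:
                return None
            return ipaddress.ip_address(addr), int(port)
    except (ValueError, IndexError):    # malformed argument
        pass
    return None

def check_command(peer_ip, line):
    """Return a finding if the data channel is aimed away from the
    control-connection peer or at a privileged port; otherwise None."""
    target = parse_data_target(line)
    if target is None:
        return None
    ip, port = target
    if ip != ipaddress.ip_address(peer_ip):
        return f"bounce: data target {ip}:{port} != control peer {peer_ip}"
    if port < 1024:
        return f"privileged data port {port}"
    return None

def scan(events):
    """events: iterable of (control_peer_ip, command_line) pairs."""
    return [(p, c, f) for p, c in events if (f := check_command(p, c))]

# Constructed sample events (documentation address ranges), not real traffic.
SAMPLE_EVENTS = [
    ("192.0.2.10", "PORT 192,0,2,10,195,80"),     # normal active mode, port 50000
    ("192.0.2.10", "PORT 10,0,0,5,0,22"),         # third-party host, port 22
    ("192.0.2.10", "EPRT |2|2001:db8::7|5995|"),  # IPv6 target, IPv4 control peer
    ("192.0.2.10", "PASV"),                       # passive mode, nothing to check
]

if __name__ == "__main__":
    for peer, cmd, finding in scan(SAMPLE_EVENTS):
        print(f"{peer}  {cmd!r}  ->  {finding}")
```

On the server side the same rule is enforced by refusing data connections to any address other than the client's; vsftpd does this unless `port_promiscuous=YES` is set. RFC 2577 additionally recommends refusing data ports below 1024.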
FileZilla usually binds an administrative service for the FileZilla Server (port 14147) to the local interface. If you can create a tunnel from your machine to access this port, you can connect to it using a blank password and create a new user for the FTP service.