21 FTP Cheat Sheet
General approach to basic checks relating to FTP
Last updated: May 4th, 2023
Automated Recon
The following command can be used to automate the reconnaissance process on an FTP server:
nmap --script="ftp*" -p 21 x.x.x.x
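This command runs every Nmap NSE script whose name starts with ftp against port 21, for example ftp-anon (anonymous login check), ftp-syst and ftp-vsftpd-backdoor. The wildcard also matches ftp-brute, so the scan includes password guessing, not only passive checks.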
Anonymous Login
If anonymous login is enabled on an FTP server, the following syntax can be used to log in:
ftp x.x.x.x
ftp>anonymous
ftp>anonymous
ftp>help
ftp>bye
The first anonymous is the username and the second is the password. Once logged in, help lists the client's available commands and bye closes the session.
Recursive download
There are various ways to download files recursively from an FTP server, such as:
wget -m ftp://anonymous:anonymous@x.x.x.x #Download all
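wget -m --no-passive ftp://anonymous:anonymous@x.x.x.x #Download all, active mode
wget -r ftp://anonymous:@x.x.x.x:30021
The first two commands mirror the whole server with wget -m (recursion with unlimited depth plus timestamping); the second adds --no-passive to use active mode when passive data connections fail. The third uses plain -r, which stops at wget's default depth of five levels, against a server on port 30021 with an empty anonymous password.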
Brute-Force
The following command can be used to perform a brute-force attack on an FTP server:
hydra -t 4 -l user -P /usr/share/wordlists/rockyou.txt -vV x.x.x.x ftp
This command uses the Hydra tool to try each password in rockyou.txt against the single username user (-l), running four parallel tasks (-t 4) and printing every attempt (-vV).
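From the server side, the anonymous mirroring and password guessing described above leave distinct log patterns. The following is an added example, not part of the original cheat sheet: it scans log lines in the style of vsftpd's vsftpd.log. The log format, the sample lines, the threshold and the function name analyze are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the style of vsftpd's vsftpd.log (not real traffic).
SAMPLE_LOG = """\
Thu May  4 10:15:01 2023 [pid 2201] [user] FAIL LOGIN: Client "203.0.113.7"
Thu May  4 10:15:02 2023 [pid 2202] [user] FAIL LOGIN: Client "203.0.113.7"
Thu May  4 10:15:03 2023 [pid 2203] [user] FAIL LOGIN: Client "203.0.113.7"
Thu May  4 10:15:04 2023 [pid 2204] [user] FAIL LOGIN: Client "203.0.113.7"
Thu May  4 10:15:05 2023 [pid 2205] [user] OK LOGIN: Client "203.0.113.7"
Thu May  4 10:20:11 2023 [pid 2301] [ftp] OK LOGIN: Client "198.51.100.23", anon password "anonymous"
Thu May  4 10:20:12 2023 [pid 2303] [ftp] OK DOWNLOAD: Client "198.51.100.23", "/pub/a.conf", 812 bytes, 40.10Kbyte/sec
Thu May  4 10:20:12 2023 [pid 2303] [ftp] OK DOWNLOAD: Client "198.51.100.23", "/pub/b.conf", 455 bytes, 31.72Kbyte/sec
Thu May  4 10:31:40 2023 [pid 2410] [alice] FAIL LOGIN: Client "192.0.2.15"
Thu May  4 10:31:52 2023 [pid 2412] [alice] OK LOGIN: Client "192.0.2.15"
"""

# Assumed line layout: [pid N] [user] OK|FAIL EVENT: Client "ip", ...
LINE = re.compile(r'\[pid \d+\] \[(?P<user>[^\]]*)\] (?P<status>OK|FAIL) '
                  r'(?P<event>[A-Z]+): Client "(?P<client>[^"]+)"')

def analyze(log_text, fail_threshold=4):
    """Flag clients with many failed logins, successes that follow such a
    run, and anonymous sessions with their download counts.
    Simplification: failures are counted over the whole log, not a time window."""
    fails = Counter()
    report = {"guessing": {}, "guessed_then_ok": set(), "anonymous": {}}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        user, status, event, client = m.group("user", "status", "event", "client")
        if event == "LOGIN" and status == "FAIL":
            fails[client] += 1
        elif event == "LOGIN" and status == "OK":
            if user in ("ftp", "anonymous"):
                report["anonymous"].setdefault(client, 0)
            elif fails[client] >= fail_threshold:
                report["guessed_then_ok"].add(client)  # likely guessed password
        elif event == "DOWNLOAD" and status == "OK" and client in report["anonymous"]:
            report["anonymous"][client] += 1
    report["guessing"] = {c: n for c, n in fails.items() if n >= fail_threshold}
    return report

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A success that follows a run of failures from the same client is the line to act on first, since it points to an account whose password was probably found.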
lftp
The lftp command is a powerful FTP client that can be used to troubleshoot and manage FTP connections:
#login
lftp -u ftpuser,ftppassword sftp://10.10.10.202/conf-backups
lftp -u anonymous sftp://10.10.10.202/conf-backups
lftp -u anonymous ftp://10.10.10.202:1221
#troubleshooting
lftp -e "set ftp:passive-mode false" -u admin,admin 192.168.69.56
lftp -e 'set ftp:passive-mode true' -u anonymous 192.168.239.68
lftp -e "mirror -R /backups ./conf-backups" -u ftpuser,ftppassword sftp://10.0.8.202
set ftp:ssl-allow false
set ftp:passive-mode off
set ssl:verify-certificate no
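The above commands log in to a server, work around connection problems, and transfer backups. URLs beginning with sftp:// connect over SSH rather than FTP. mirror -R is a reverse mirror: it uploads the local /backups directory to conf-backups on the server. The three set lines are lftp settings that can be entered at the lftp prompt, passed with -e, or placed in ~/.lftprc. They disable FTP over TLS, turn off passive mode, and skip TLS certificate verification, so with them applied credentials and data travel unencrypted or the server's identity goes unchecked.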