FTP

CONNECTING ANONYMOUSLY

root@oco:~$ ftp -p {targetIP}

 Connected to {targetIP}.
 220 (vsFTPd 3.0.3)
 Name ({targetIP}:{username}): {anonymous}
 230 Login successful.
 Remote system type is UNIX.
 Using binary mode to transfer files.
 
 * -p refers to passive mode
    - using -p helps avoid the need for the target server to connect back to the
      attacking machine, making FTP work more reliably in offensive or NAT’d 
      environments.
       - Active mode: Server connects back to the client for data transfer.
       - Passive mode: Client initiates everything; avoids inbound connections to 
         the client (better for firewalls).

ftp> help
 cd     dir  ls   type
 chmod  exit pwd
 delete get  quit

DOWNLOADS

SINGLE FILES

ftp> get Important\ Notes.txt
 local: Important Notes.txt remote: Important Notes.txt
 200 PORT command successful. Consider using PASV.
 150 Opening BINARY mode data connection for Important Notes.txt (41 bytes).
 226 Transfer complete.
 41 bytes received in 0.00 secs (606.6525 kB/s)

MULTIPLE FILES

This is not recommended as it can cause alarms. No one from typically download all files and content all at once.

root@oco:~$ wget -m --no-passive ftp://anonymous:[email protected]

 --2021-09-19 14:45:58--  ftp://anonymous:*password*@10.129.14.136/                                         
           => ‘10.129.14.136/.listing’                                                                     
 Connecting to 10.129.14.136:21... connected.                                                               
 Logging in as anonymous ... Logged in!
 ==> SYST ... done.    ==> PWD ... done.
 ==> TYPE I ... done.  ==> CWD not needed.
 ==> PORT ... done.    ==> LIST ... done.                                                                 
 12.12.1.136/.listing           [ <=>                                  ]     466  --.-KB/s    in 0s       
                                                                                                         
 2021-09-19 14:45:58 (65,8 MB/s) - ‘10.129.14.136/.listing’ saved [466]                                     
 --2021-09-19 14:45:58--  ftp://anonymous:*password*@10.129.14.136/Calendar.pptx   
           => ‘10.129.14.136/Calendar.pptx’                                       
 ==> CWD not required.                                                           
 ==> SIZE Calendar.pptx ... done.                                                                                                                            
 ==> PORT ... done.    ==> RETR Calendar.pptx ... done.       

 ...SNIP...

 2021-09-19 14:45:58 (48,3 MB/s) - ‘10.129.14.136/Employees/.listing’ saved [119]

 FINISHED --2021-09-19 14:45:58--
 Total wall clock time: 0,03s
 Downloaded: 15 files, 1,7K in 0,001s (3,02 MB/s)
 
root@oco:~$ tree .

 .
 └── 10.129.14.136
    ├── Calendar.pptx
    ├── Clients
    │   └── Inlanefreight
    │       ├── appointments.xlsx
    │       ├── contract.docx
    │       ├── meetings.txt
    │       └── proposal.pptx
    ├── Documents
    │   ├── appointments-template.xlsx
    │   ├── contract-template.docx
    │   └── contract-template.pdf
    ├── Employees
    └── Important Notes.txt

 5 directories, 9 files
 
 * wget creates a directory with the name of the IP address of the target

UPLOADS

root@oco:~$ touch testupload.txt
ftp> put testupload.txt 
 local: testupload.txt remote: testupload.txt
 ---> PORT 10,10,14,4,184,33
 200 PORT command successful. Consider using PASV.
 ---> STOR testupload.txt
 150 Ok to send data.
 226 Transfer complete.

ftp> ls
 -rw-------    1 1002     133             0 Sep 15 14:57 testupload.txt

RECURSIVE LISTING (IF ENABLED)

ftp> ls -R
 ---> PORT 10,10,14,4,222,149
 200 PORT command successful. Consider using PASV.
 ---> LIST -R
 150 Here comes the directory listing.
 .:
 -rw-rw-r--    1 ftp      ftp      8138592 Sep 14 16:54 Calender.pptx
 drwxrwxr-x    2 ftp      ftp         4096 Sep 14 17:03 Clients
 drwxrwxr-x    2 ftp      ftp         4096 Sep 14 16:50 Documents
 drwxrwxr-x    2 ftp      ftp         4096 Sep 14 16:50 Employees
 -rw-rw-r--    1 ftp      ftp           41 Sep 14 16:45 Important Notes.txt
 -rw-------    1 ftp      ftp            0 Sep 15 14:57 testupload.txt

 ./Clients:
 drwx------    2 ftp      ftp          4096 Sep 16 18:04 HackTheBox
 drwxrwxrwx    2 ftp      ftp          4096 Sep 16 18:00 Inlanefreight
 
 ./Clients/HackTheBox:
 -rw-r--r--    1 ftp      ftp         34872 Sep 16 18:04 appointments.xlsx
 -rw-r--r--    1 ftp      ftp        498123 Sep 16 18:04 contract.docx
 -rw-r--r--    1 ftp      ftp        478237 Sep 16 18:04 contract.pdf
 -rw-r--r--    1 ftp      ftp           348 Sep 16 18:04 meetings.txt

DETAILED OUTPUT

ftp> debug
 Debugging on (debug=1).

ftp> trace
 Packet tracing on.

ftp> ls
 ---> PORT 10,10,14,4,188,195
 200 PORT command successful. Consider using PASV.
 ---> LIST
 150 Here comes the directory listing.
 -rw-rw-r--    1 1002     1002      8138592 Sep 14 16:54 Calender.pptx
 drwxrwxr-x    2 1002     1002         4096 Sep 14 17:03 Clients
 drwxrwxr-x    2 1002     1002         4096 Sep 14 16:50 Documents
 drwxrwxr-x    2 1002     1002         4096 Sep 14 16:50 Employees
 -rw-rw-r--    1 1002     1002           41 Sep 14 16:45 Important Notes.txt
 226 Directory send OK.

DISPLAY OVERVIEW OF FTP SERVER SETTINGS

ftp> status
 Connected to 10.129.14.136.
 No proxy connection.
 Connecting using address family: any.
 Mode: stream; Type: binary; Form: non-print; Structure: file
 Verbose: on; Bell: off; Prompting: on; Globbing: on
 Store unique: off; Receive unique: off
 Case: off; CR stripping: on
 Quote control characters: on
 Ntrans: off
 Nmap: off
 Hash mark printing: off; Use of PORT cmds: on
 Tick counter printing: off

PreviousFPING NextHTML2TEXT

Last updated 3 months ago

root@oco:~$ wget -m --no-passive ftp://anonymous:[email protected] --2021-09-19 14:45:58-- ftp://anonymous:*password*@10.129.14.136/ => ‘10.129.14.136/.listing’ Connecting to 10.129.14.136:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD not needed. ==> PORT ... done. ==> LIST ... done. 12.12.1.136/.listing [ <=> ] 466 --.-KB/s in 0s 2021-09-19 14:45:58 (65,8 MB/s) - ‘10.129.14.136/.listing’ saved [466] --2021-09-19 14:45:58-- ftp://anonymous:*password*@10.129.14.136/Calendar.pptx => ‘10.129.14.136/Calendar.pptx’ ==> CWD not required. ==> SIZE Calendar.pptx ... done. ==> PORT ... done. ==> RETR Calendar.pptx ... done. ...SNIP... 2021-09-19 14:45:58 (48,3 MB/s) - ‘10.129.14.136/Employees/.listing’ saved [119] FINISHED --2021-09-19 14:45:58-- Total wall clock time: 0,03s Downloaded: 15 files, 1,7K in 0,001s (3,02 MB/s) root@oco:~$ tree . . └── 10.129.14.136 ├── Calendar.pptx ├── Clients │ └── Inlanefreight │ ├── appointments.xlsx │ ├── contract.docx │ ├── meetings.txt │ └── proposal.pptx ├── Documents │ ├── appointments-template.xlsx │ ├── contract-template.docx │ └── contract-template.pdf ├── Employees └── Important Notes.txt 5 directories, 9 files * wget creates a directory with the name of the IP address of the target