Notes - Attack by ports/protocols: FTP tcp:21, TFTP udp:69

Jun 1, 2022

1 min read

21/tcp ftp

https://book.hacktricks.xyz/pentesting/pentesting-ftp

# ftp brute force
> nmap --script ftp-brute -p 21 <host>

# ftp `bounce` scan
> nmap -PO -b username:password@ftpserver.tld:21 -vvv -oN scan_internal.nmap 127.0.0.1 --script="default,vuln"

# recursive download
> wget -r ftp://anonymous:anonymous@<ip>:<port>/

# Use `ls -la` to show hidden files
# If cannot list directory, try `passive` mode

lftp

> lftp
lftp :~> set ftp:ssl-force false
lftp :~> set ssl:verify-certificate no
lftp :~> connect <ip>
lftp :~> login anonymous anonymous
lftp :~> ls

udp/69 tftp

https://book.hacktricks.xyz/pentesting/69-udp-tftp

# linux command
> tftp
> connect ip_addr
> ?

# nmap scan
> nmap -n -Pn -sU -p69 -sV --script tftp-enum ip_addr