FTP Enumeration

FTP Enumeration are wondering objectives are to understand what FTP is used for and to demonstrate how to enumerate FTP. So FTP stands for file transfer protocol and you'll notice with all these protocols, they typically describe what they do, Right? So file transfer protocol is to transfer files from one host to another Now. Um it's typically found on Port 21 and it's a clear text protocol. There is S FTP or secure FTp that uses encryption. Um it also has the ability for FTP where you may be able to log in anonymously. So you can actually, it will prompt you for a user name and you can enter anonymous and then the password can be whatever you want it to be, uh and you have access to that FTP server.

‍

The thing though, is when you're anonymous, you may not have the same privileges to get and put files onto a server as you would with a normal user or as an admin. So you also notice that if you have maybe have a web server on the internet that ftp, you can you can enable ftp so that you can put things like files, html or images onto your your web server and upload it there. So for ftp scanning and map is our tool yet again. And you can see with just our default scan with rsv sc Flags, that um it will it will do the ftp, a non script to see if anonymous logins are allowed and if they are, it will tell you if the if that share is readable or writable. Um And I also do it as ftp cyst down there. Um So that's part of the default uh the default scripts that end map uses just by using the S C flag.

‍

We didn't have to use script ftp, although there are some and max scripting engine uh scripts specifically for ftp. So I talked about anonymous login with Callie, you can just type in FTp. And the host and then the port after that if it's a different port than 21 and you can try to log in so we'll see here that I log in as anonymous. I used a password um it used to be that you would enter your email because the clear text protocol um the people that had access to the logs would see what your email was. So they knew who you were when you log in anonymously. Like I said, sometimes when you're the anonymous user you may not be able to get and put files onto that server. Like you would if you were perhaps an admin or a normal user that had access. So you may want to brute force um your your login for FTp and we can see here, I used hydra again with little l admin and password.

‍

Is this custom list I used if you go out there and google like what's the default um password for FTP? Uh That may give you some some luck and I'll show you that in the demo here in a little bit. I also want to point out Ask versus binary mode and this is something that tripped me up early on in P. W. K. When I was trying to transfer maybe uh execute herbal or binary files from a remote host onto my machine is defaulted to ask mode. Asking mode maybe the default when you log in. But that's really used to transfer text files. What you want to switch to is binary mode if you actually want to download a file. So make sure when you're on the FTP server that if you're downloading anything other than a text file that you are in binary mode.