-
Enumeration Mandatory Check anonymous login Try to create AND upload a file: mkdir test put /tmp/test test Check login with at least the following credentials: admin / admin admin / password Optional Download everything with wget and look for .dot files! Check login with newly found users Brute-force login Make sure to check admin / admin and other usual combinations…
-
Note that FTP doesn’t show hidden files! Try in Windows e.g “cd ProgramData”. Enumeration With nmap. Scans a network for ftp servers which allow anonymous access. nmap -v -p21 --script=ftp-anon.nse 10.11.1.1-254 FTP relays The FTP specification defines FTP relays. One FTP server can say to another FTP server to send files to another third-party server.…