{"id":103,"date":"2017-07-09T15:10:48","date_gmt":"2017-07-09T13:10:48","guid":{"rendered":"https:\/\/privat.andreas-klingler.de\/itsec\/?p=103"},"modified":"2023-12-20T19:16:39","modified_gmt":"2023-12-20T18:16:39","slug":"protocol-ftp","status":"publish","type":"post","link":"https:\/\/infosec.andreas-klingler.de\/?p=103","title":{"rendered":"<span class=\"caps\">FTP<\/span> File Transfer Protocol"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Note that <span class=\"caps\">FTP<\/span> does\u00adn\u2019t show hid\u00adden files! Try in Win\u00addows e.g \u201ccd ProgramData\u201d.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Enumeration<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">With nmap. Scans a net\u00adwork for ftp servers which allow anony\u00admous access.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">nmap -v -p21 --script=ftp-anon.nse 10.11.1.1-254<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"caps\">FTP<\/span> relays<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The <span class=\"caps\">FTP<\/span> spec\u00adi\u00adfi\u00adca\u00adtion defines <span class=\"caps\">FTP<\/span> relays. One <span class=\"caps\">FTP<\/span> serv\u00ader can say to anoth\u00ader <span class=\"caps\">FTP<\/span> serv\u00ader to send files to anoth\u00ader third-par\u00adty serv\u00ader. See the nmap man\u00adpage for more details. Today it is most\u00adly not pos\u00adsi\u00adble to use, but some old sys\u00adtems still have this feature.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/andreas-klingler.de\/infosec\/?p=94\">See also <span class=\"caps\">FTP<\/span> bounce attack<\/a> to scan anoth\u00ader sys\u00adtem via a <span class=\"caps\">FTP<\/span> serv\u00ader as proxy. (<a href=\"https:\/\/book.hacktricks.xyz\/pentesting\/pentesting-ftp\">Source<\/a>)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Mirror <span class=\"caps\">FTP<\/span> system<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">With wget<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">wget -m --no-passive ftp:\/\/anonymous:anonymous@$target<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">With lftp<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">lftp -u anonymous,dfsdf -e \"mirror --parallel=2 --verbose \/ .\" $target<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">FileZilla<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">If port 14147 is exposed, tun\u00adnel it to local\u00adhost, then exe\u00adcute FileZill Serv\u00ader Interface.exe from the cor\u00adrect ver\u00adsion and con\u00adnect to localhost.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Binary and ascii&nbsp;mode<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Bina\u00adry mode does\u00adn\u2019t change the&nbsp;file<\/li><li><span class=\"caps\">ASCII<\/span> mode:<ul><li>Removes ^M when a file is trans\u00adferred from a Win\u00addows host to a *nix&nbsp;host.<\/li><li>Adds ^M when a file is trans\u00adferred from a *nix host to a Win\u00addows&nbsp;host.<\/li><\/ul><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Note that <span class=\"caps\">FTP<\/span> does\u00adn\u2019t show hid\u00adden files! Try in Win\u00addows e.g \u201ccd Pro\u00adgram\u00adDa\u00adta\u201d. Enu\u00admer\u00ada\u00adtion With nmap. Scans a net\u00adwork for ftp servers which allow anony\u00admous access. nmap \u2011v \u2011p21 \u2013script=ftp-anon.nse 10.11.1.1\u2013254 <span class=\"caps\">FTP<\/span> relays The <span class=\"caps\">FTP<\/span> spec\u00adi\u00adfi\u00adca\u00adtion defines <span class=\"caps\">FTP<\/span> relays. One <span class=\"caps\">FTP<\/span> serv\u00ader can say to anoth\u00ader <span class=\"caps\">FTP<\/span> serv\u00ader to send files to anoth\u00ader third-par\u00ad\u00adty server.&nbsp;[\u2026]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[470,475,323],"tags":[28,160,29],"class_list":["post-103","post","type-post","status-publish","format-standard","hentry","category-active-enum","category-attack-tool","category-protocol","tag-ftp","tag-lftp","tag-protocol"],"_links":{"self":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=103"}],"version-history":[{"count":13,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/103\/revisions"}],"predecessor-version":[{"id":3690,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/103\/revisions\/3690"}],"wp:attachment":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}