# FTP (21)

<details>

<summary>Protocol Information</summary>

FTP is a network protocol used to transfer files between a client and a server on a network. It allows files to be uploaded, downloaded and managed remotely, facilitating the transfer of data between connected devices.

</details>

## Port

<table data-header-hidden><thead><tr><th width="166">Port</th><th>Description</th></tr></thead><tbody><tr><td><mark style="color:green;"><strong>21</strong></mark><strong> TCP</strong></td><td>FTP</td></tr><tr><td><mark style="color:green;"><strong>20</strong></mark><strong> TCP</strong></td><td>FTP-data</td></tr></tbody></table>

## Config File

* `/etc/vsftpd.conf`

## FTP root

* `/var/ftp`

## Interact

If **anonymous access** is enabled, it's possible to log in with the username `Anonymous` and an empty password (`""`).

{% code overflow="wrap" %}

```bash
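ftp <IP> <PORT>
> passive   # optional: toggle passive mode
> binary    # optional: use binary transfer mode
> mget *    # download every file in the current directory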
```

{% endcode %}

{% code overflow="wrap" %}

```bash
wget -m ftp://<USER>:<PASSWORD>@<IP>:<PORT>
```

{% endcode %}

## Attacks

### FTP Bounce

An FTP bounce attack is a network attack that uses an FTP server to send outbound traffic to another device on the network. Suppose we target an FTP server, FTP\_DMZ, that is exposed to the Internet, while another device on the same network, Internal\_DMZ, is not. We can use our connection to FTP\_DMZ to scan Internal\_DMZ via the FTP bounce attack and learn which ports are open on that server.

{% code overflow="wrap" %}

```bash
nmap -Pn -v -n -p80 -b Anonymous:@10.10.110.213 172.17.0.2
# Scan internal host 172.17.0.2 via FTP of host 10.10.110.213
```

{% endcode %}
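From the defender's side, a bounce attempt shows up on the control channel as a `PORT`/`EPRT` command whose data-connection target is not the client itself. The following is an added example, not part of the original page: it flags such commands, assuming control-channel events are available as `(client_ip, command)` pairs; the client address `10.10.14.5` and the sample events are constructed.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959) and EPRT |proto|addr|port| (RFC 2428)
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$", re.I)
EPRT_RE = re.compile(r"^EPRT\s+(.)[12]\1(\S+?)\1(\d{1,5})\1$", re.I)


def parse_data_target(command):
    """Return (ip, port) requested by a PORT/EPRT command, else None."""
    command = command.strip()
    try:
        if m := PORT_RE.match(command):
            n = [int(x) for x in m.groups()]
            if max(n) > 255:
                return None
            return ipaddress.ip_address(".".join(map(str, n[:4]))), n[4] * 256 + n[5]
        if m := EPRT_RE.match(command):
            port = int(m.group(3))
            return (ipaddress.ip_address(m.group(2)), port) if port <= 65535 else None
    except ValueError:  # malformed address
        return None


def find_bounce_attempts(events):
    """events: iterable of (client_ip, command) pairs from the control channel."""
    alerts = []
    for client_ip, command in events:
        target = parse_data_target(command)
        if target is None:
            continue
        ip, port = target
        reasons = []
        if ip != ipaddress.ip_address(client_ip):
            reasons.append("third-party address")
        if port < 1024:
            reasons.append("privileged port")
        if reasons:
            alerts.append((client_ip, str(ip), port, reasons))
    return alerts


# Constructed sample events (hypothetical client 10.10.14.5), not a real capture.
SAMPLE_EVENTS = [
    ("10.10.14.5", "USER Anonymous"),
    ("10.10.14.5", "PORT 10,10,14,5,200,10"),  # ordinary active-mode request
    ("10.10.14.5", "PORT 172,17,0,2,0,80"),    # data connection aimed at another host
    ("10.10.14.5", "EPRT |1|172.17.0.2|22|"),  # same idea via EPRT
]
```

`find_bounce_attempts(SAMPLE_EVENTS)` returns two alerts, both for target `172.17.0.2`; the ordinary active-mode request is not flagged.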

### [Backdoor in vsFTPd 2.3.4](https://www.exploit-db.com/exploits/49757)
