FTP (21)
File Transfer Protocol.
Port
21 TCP
FTP
20 TCP
FTP-data
Config File
/etc/vsftpd.conf
Interact
If anonymous access is enabled, it's possible log in with username “Anonymous”
and password “”
.
ftp <IP> <PORT>
Attacks
FTP Bounce
An FTP bounce attack is a network attack that uses an FTP server to send outbound traffic to another device on the network. Suppose we targeted an FTP server FTP_DMZ exposed to the Internet. Another device within the same network, Internal_DMZ, is not exposed to the Internet. We can use the connection to the FTP_DMZ server to scan Internal_DMZ via the FTP Bounce attack and obtain information about the server's open ports.
nmap -Pn -v -n -p80 -b Anonymous:@10.10.110.213 172.17.0.2
# Scan internal host 172.17.0.2 via FTP of host 10.10.110.213
Last updated
Was this helpful?