How Works and How Can We Attack It

FTP (File Transfer Protocol) is a standard network protocol used to transfer files between a client and a server over TCP/IP. It operates mainly on ports 21 (control) and 20 (data). While widely used for file sharing and remote management, FTP is considered insecure because it transmits data, including credentials, in plain text.

Common Uses includes:

  • Uploading/downloading files to web servers
  • Remote file management in enterprises
  • Backup and distribution of files

Common Exploitation via Misconfigurations or Vulnerabilities

Anonymous Login Enabled
Some servers allow access with the username anonymous and no password (or any password). We can browse, download, or upload malicious files.

ftp <target-ip>
Name: anonymous
Password: anonymous
ftp> ls
ftp> get sensitive_file.txt

Cleartext Credentials Interception
Since FTP transmits data unencrypted, we can sniff traffic and capture usernames and passwords. Example with tcpdump or Wireshark when we are on the same network:

tcpdump -i eth0 -n port 21

Misconfigured Permissions
If write permissions are enabled, we can upload backdoors or malicious scripts.

ftp <target-ip>
ftp> put shell.php

Tags

ftp

Notes

Some of this writeup is revised by AI. My own writing can be a bit clunky, so I get it to review certain parts to make things flow better and be a bit easier to read.

If you liked this content, please give me a respect on my Hack The Box profile. I'd be happy to hear I've helped you.

If anything here isn't clear, check out the cookbook. If you can't find the answer or need further clarification, please contact me at my e-mail.

Last updated: 2025-10-03