File Transfer Protocol
FTP (File Transfer Protocol) is a network protocol used to transfer files between a client and a server over a network. FTP is one of the oldest protocols, developed in the early 1970s, and it remains a widely used method for sharing and transferring files, especially for managing web servers, downloading files from repositories, or transferring data between systems.
How it works
FTP operates on a client-server model. The FTP client initiates a connection to an FTP server, and after establishing a session, the client can upload or download files, navigate the file structure, and manage files on the server. FTP uses two channels for communication:
- Control Channel: Used for sending commands (such as logging in or changing directories).
- Data Channel: Used for transferring the actual data between client and server.
FTP typically operates on port 21 for the control connection, while the data connection might use port 20 or dynamically assigned ports.
By default, FTP transmits data (including login credentials like usernames and passwords) in plaintext, making it susceptible to eavesdropping and man-in-the-middle attacks. FTP does not provide any built-in encryption mechanisms, meaning file transfers are not secure.
To address these issues, secure versions of FTP have been developed. FTPS (FTP over TLS) uses TLS encryption to secure the communication. SFTP (Secure File Transfer Protocol) operates over the SSH protocol and provides both encryption and secure file transfers.
Active vs. Passive Mode
Active Mode
In active mode, the client opens a random port and listens for incoming data from the server. The client informs the server which port it’s listening on, and the server initiates the data connection to the client’s specified port. This mode can be problematic when the client is behind a firewall, as firewalls typically block incoming connections.
Passive Mode
In passive mode, the server opens a random port for data transfer, and the client initiates the connection to this port. This is the preferred mode when clients are behind firewalls, as it prevents the server from making direct connections to the client.
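Which side listens for the data connection is negotiated in plain text on the control channel, so it can be read from a capture or log when writing firewall rules or troubleshooting. The Python below is an added example, not part of the original page: it decodes the active-mode PORT command and the 227 and 229 passive replies into the listening endpoint and the side that initiates. The function names, the client address 192.168.1.50 and the sample lines are constructed; only the 229 reply is quoted from this page.

```python
import re

# PORT h1,h2,h3,h4,p1,p2: sent by the client in active mode (RFC 959)
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2): server reply to PASV (RFC 959)
PASV_RE = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
# 229 Entering Extended Passive Mode (|||port|): server reply to EPSV (RFC 2428)
EPSV_RE = re.compile(r"^229 .*\((.)\1\1(\d+)\1\)")


def _endpoint(fields):
    """Six decimal fields -> (ip, port), with port = p1 * 256 + p2."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range: %r" % (fields,))
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_channel(line, server_ip):
    """Return (mode, initiator, listener_ip, listener_port), or None."""
    # A 229 reply carries only a port; the listener is the control-connection
    # peer, passed in as server_ip.
    line = line.strip()
    m = PORT_RE.match(line)
    if m:  # client listens, server connects in: typically blocked by firewalls
        return ("active", "server") + _endpoint(m.groups())
    m = PASV_RE.match(line)
    if m:  # server listens, client connects out
        return ("passive", "client") + _endpoint(m.groups())
    m = EPSV_RE.match(line)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range: %d" % port)
        return ("extended passive", "client", server_ip, port)
    return None  # not a data-channel negotiation line


# Constructed control-channel lines; only the 229 reply is quoted from the page.
SAMPLE = [
    "PORT 192,168,1,50,195,80",
    "227 Entering Passive Mode (192,168,1,10,192,151)",
    "229 Entering Extended Passive Mode (|||49303|)",
    "230 Login successful.",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", data_channel(line, "192.168.1.10"))
```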
Connect to FTP service
ftp 192.168.1.10
user: anonymous
pass: anonymous
FTP Enumeration
sudo nmap -sV -p21 -sC -A -Pn 192.168.1.10
OR
nmap --script ftp-* -p21 192.168.1.10
Change file transfer mode (binary <-> ascii)
binary
ascii
Change active to passive mode
If you get the error "229 Entering Extended Passive Mode (|||49303|)", then:
passive
Basic FTP Commands
dir
cd
get <filename> (download files only in binary mode!)
