This commit is contained in:
CoolHandSquid 2021-08-12 09:00:24 -04:00 committed by GitHub
parent e1cdfc3cdc
commit b846a501e4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -184,3 +184,43 @@ ftp.conf
proftpd.conf
```
## HackTricks Automatic Commands
```
Protocol_Name: FTP #Protocol Abbreviation if there is one.
Port_Number: 21 #Comma separated if there is more than one.
Protocol_Description: File Transfer Protocol #Protocol Abbreviation Spelled out
Name: Notes
Description: Notes for FTP
Note: """
Anonymous Login
-bi <<< so that your put is done via binary
wget --mirror 'ftp://ftp_user:UTDRSCH53c"$6hys@10.10.10.59'
^^to download all dirs and files
wget --no-passive-ftp --mirror 'ftp://anonymous:anonymous@10.10.10.98'
if PASV transfer is disabled
https://book.hacktricks.xyz/pentesting/pentesting-ftp
"""
Name: Banner Grab
Description: Grab FTP Banner via telnet
Command: """telnet -vn {IP} 21"""
Name: Cert Grab
Description: Grab FTP Certificate if existing
Command: """openssl s_client -connect {IP}:21 -starttls ftp"""
Name: nmap ftp
Description: Anon login and bounce FTP checks are performed
Command: """nmap --script ftp-* -p 21 {IP}"""
Name: Browser Connection
Description: Connect with Browser
Note: """
ftp://anonymous:anonymous@{IP}
"""
```