# FTP Bounce attack - Scan
## FTP Bounce - Scanning

### Manual

1. Connect to the vulnerable FTP server.
2. Use **`PORT`** or **`EPRT`** (only one of the two) to make the server set up a connection to the IP address and port you want to scan:

   `PORT 172,32,80,80,0,8080`\
   `EPRT |2|172.32.80.80|8080|`
3. Use **`LIST`** (this command sends the list of files in the current FTP folder to that IP address and port) and check the possible responses: `150 File status okay` (the port is open) or `425 No connection established` (the port is closed).
4. Instead of `LIST` you can use **`RETR /file/in/ftp`** and look for similar `Open/Close` responses.

Example using **PORT** (port 8080 of 172.32.80.80 is open and port 7777 is closed):

![](<../../.gitbook/assets/image (241).png>)

Same example using **`EPRT`** (authentication omitted):

![](<../../.gitbook/assets/image (539).png>)

Open port using `EPRT` instead of `LIST` (different environment):

![](<../../.gitbook/assets/image (875).png>)

### **nmap**

```bash
# General form: -b takes the FTP relay as <username>:<password>@<server>, followed by the scan target
nmap -b <username>:<password>@<ftp_server> <target>
nmap -Pn -v -p 21,80 -b ftp:ftp@10.2.1.5 127.0.0.1 #Scan ports 21,80 of the FTP
nmap -v -p 21,22,445,80,443 -b ftp:ftp@10.2.1.5 192.168.0.1/24 #Scan the internal network (of the FTP) ports 21,22,445,80,443
```
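Seen from the server side, each manual step above is a `PORT` or `EPRT` command that names an endpoint other than the client that sent it. The following added example (not part of the original page) parses both command formats and flags such lines, plus data ports below 1024; the `(client_ip, command)` event format, the function names and the sample data are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2   RFC 2428: EPRT <d>proto<d>addr<d>port<d>
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
EPRT_RE = re.compile(r"^EPRT\s+(.)([12])\1(\S+?)\1(\d+)\1\s*$", re.I)

def parse_data_endpoint(line):
    """Return (ip, port) named by a PORT/EPRT command, else None."""
    line = line.strip()
    m = PORT_RE.match(line)
    if m:
        h = [int(x) for x in m.groups()]
        # p1*256+p2 also decodes the page's "0,8080" form to port 8080.
        return ipaddress.ip_address(".".join(map(str, h[:4]))), h[4] * 256 + h[5]
    m = EPRT_RE.match(line)
    if m:
        return ipaddress.ip_address(m.group(3)), int(m.group(4))
    return None

def find_bounce_attempts(events):
    """Flag endpoints that are not the sending client or use a port below 1024."""
    alerts = []
    for client_ip, line in events:
        try:
            endpoint = parse_data_endpoint(line)
            peer = ipaddress.ip_address(client_ip)
        except ValueError:  # malformed address in the log line
            continue
        if endpoint is None:
            continue
        ip, port = endpoint
        reasons = []
        if ip != peer:
            reasons.append("foreign-address")
        if port < 1024:
            reasons.append("privileged-port")
        if reasons:
            alerts.append((client_ip, str(ip), port, reasons))
    return alerts

# Constructed sample events (control-connection peer, command), not real logs.
SAMPLE = [
    ("203.0.113.7", "PORT 203,0,113,7,195,80"),     # own address, port 50000
    ("203.0.113.7", "PORT 172,32,80,80,0,8080"),    # command from the page
    ("203.0.113.7", "EPRT |2|172.32.80.80|8080|"),  # command from the page
    ("203.0.113.7", "EPRT |1|203.0.113.7|22|"),     # own address, low port
    ("203.0.113.7", "LIST"),
]
```

`find_bounce_attempts(SAMPLE)` returns one alert per flagged command, each with the control-connection peer, the requested endpoint and the reasons.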