BufferOverflow,  CyberSecurity,  DevSecOps,  DoS,  Firewall

FTP and how to Pentest FTP

January 11, 2024 / 0 Comments

FTP stands for File Transfer Protocol. It is a standard network protocol used to transfer files from one host to another over a TCP-based network, such as the internet. FTP is commonly used for transferring web page files from their creator to the computer that acts as their server for everyone on the internet.

FTP operates on a client-server model, where the client initiates a connection to the server to request files or to send files to the server. The client and server communicate using a set of commands and responses.

There are two modes of FTP data transfer:

  1. Active Mode: In this mode, the client opens a random port for data transfer, and the server connects to this port. It may cause issues with firewalls and network configurations.
  2. Passive Mode: Here, the client opens a random port for data transfer, and the server connects to it. This mode is often used to overcome the limitations of active mode, especially when the client is behind a firewall or a NAT router.

While FTP has been widely used for file transfer, it lacks encryption, making it insecure for transferring sensitive information. As a result, more secure alternatives like FTPS (FTP Secure) and SFTP (SSH File Transfer Protocol) have been developed to address these security concerns. These secure alternatives add encryption to the data transfer process, providing a more secure way to exchange files over a network.

FTP Penetration Testing


FTP (File Transfer Protocol) penetration testing is a process of evaluating the security of an FTP server to identify potential vulnerabilities that could be exploited by attackers. It involves assessing the server’s configuration, access controls, encryption, and overall security posture to uncover weaknesses that may allow unauthorized access or data leakage.

Here is a list of some key RFCs (Request for Comments) related to FTP (File Transfer Protocol):

  1. RFC 959: “File Transfer Protocol (FTP)” – This is the primary specification for the FTP protocol and was published in October 1985.
  2. RFC 2228: “FTP Security Extensions” – Describes extensions to FTP to add support for secure authentication and data protection mechanisms, published in October 1997.
  3. RFC 2389: “Feature negotiation mechanism for the File Transfer Protocol” – Specifies a mechanism for FTP clients and servers to negotiate supported features, published in August 1998.
  4. RFC 2428: “FTP Extensions for IPv6 and NATs” – Defines extensions to FTP to support IPv6 and Network Address Translators (NATs), published in September 1998.
  5. RFC 2577: “FTP Security Considerations” – Discusses security considerations for the FTP protocol, published in May 1999.
  6. RFC 3659: “Extensions to FTP” – Introduces various extensions to FTP, including the MLST and MLSD commands for machine-readable listings, published in March 2007.
  7. RFC 4217: “Securing FTP with TLS” – Outlines how to use Transport Layer Security (TLS) with FTP to provide encrypted communication, published in October 2005.
  8. RFC 5797: “FTP Command and Extension Registry” – Establishes a registry for FTP commands and extensions, published in March 2010.

These RFCs provide the standards and guidelines for implementing various aspects of FTP, including security extensions, feature negotiation, IPv6 support, and more. Keep in mind that this is not an exhaustive list, and there may be other related RFCs as well.

Reconnaissance and Information Gathering

Before initiating the assessment, it is essential to gather relevant information about the FTP server. This includes identifying the server’s IP address, associated domain names, and open ports. Utilize tools like Nmap, whois, or DNS enumeration techniques to obtain this information.

nmap --script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21 <ip>
nmap --script=ftp-* -p 21 10.10.10.1

Enumeration and Service Identification

Next, identify the FTP server’s configuration details and associated services. Determine the FTP server software version, encryption protocols in use, and any additional services or ports associated with the server. Tools such as nmap, Netcat, or FTP-specific enumeration tools can be employed for this purpose.

FTP Banner Grabbing

nc <IP> 21

Vulnerability Assessment

Conduct vulnerability scanning using tools like Nessus, OpenVAS, or Nikto. These tools will identify known vulnerabilities in the FTP server software, underlying operating system, or associated services. Scan results will provide a comprehensive list of potential security issues to be investigated further.

Brute-Force Testing

Attempt to gain unauthorized access by employing password-cracking tools such as Hydra, Medusa, or Metasploit’s auxiliary modules. Brute-forcing involves systematically trying different usernames and passwords to test the server’s resistance to unauthorized access attempts.

Brute Force FTP servers are the most common attack on the Internet, can be done using a simple tool that tests the different combinations of usernames and passwords using wordlists against the FTP authentication system but if the username or password isn’t on those wordlists we fail.

It is necessary to create a custom wordlist for each company based on all data we collect during the recon phase.

hydra -l admin -P Top_100_Passwords.txt ftp://localhost/

Anonymous Access Testing

Check if the FTP server allows anonymous access. Attempt to connect to the server without providing any credentials and verify if it grants access to sensitive files or directories. This test helps identify potential information disclosure risks.

File Manipulation and Access Control Testing

Perform file manipulation tasks such as uploading, downloading, or modifying files on the FTP server. Evaluate the server’s access control mechanisms and check for any vulnerabilities that could lead to unauthorized data disclosure or data manipulation.

Misconfiguration Testing

Examine the FTP server’s configuration for misconfigurations that may expose it to security risks. Verify if secure protocols, such as SSL/TLS, are properly implemented and if access controls are appropriately defined.

FTP Bounce Attack

Traffic Sniffing

tcpdump -i any ftp

FTP Exploits

• ProFTPD-1.3.3c Backdoor
• ProFTPD 1.3.5 Mod_Copy Command Execution
• VSFTPD v2.3.4 Backdoor Command Execution

Learn How to Attack FTP Service vsftpd 2.3.4

By conducting a comprehensive FTP penetration testing assessment, organizations can proactively identify vulnerabilities in their FTP servers and take necessary steps to enhance security. Regular assessments help mitigate the risk of unauthorized access, data leakage, and other potential security threats. By utilizing the outlined steps, leveraging appropriate tools, and considering important security considerations, organizations can fortify their FTP server’s security and safeguard their sensitive data.

Remember, securing your FTP server is crucial in today’s digital landscape, where data protection is paramount.

You May Also Like

What is Snort Rule and How to write one ?

April 17, 2020

Python : SSL Version Scanner

April 18, 2020

Exploitation : Heartbleed Vulnerability : Ubuntu Server 12.04

March 25, 2018

Leave a Reply

Your email address will not be published. Required fields are marked *