FTP

(Host Based Enumeration)

• on Linux most used FTP is vsFTPd

• there is also TFTP

---

TFTP

Command	Description
connect	Sets the remote host, and optionally the port, for file transfers.
get	Transfers a file or set of files from the remote host to the local host.
put	Transfers a file or set of files from the local host onto the remote host.
quit	Exits TFTP
status	Shows the current status of tftp, including the current transfer mode (ascii or binary), connection status, time-out value, and so on.
verbose	Turns verbose mode, which displays additional information during file transfer, on or off.
exit	exit the ftp server

---

vsFTPd

install vsFTP

sudo apt install vsftpd

open config file

cat /etc/vsftpd.conf | grep -v "#"

Setting	Description
listen=NO	Run from inetd or as a standalone daemon?
listen_ipv6=YES	Listen on IPv6 ?
anonymous_enable=NO	Enable Anonymous access?
local_enable=YES	Allow local users to login?
dirmessage_enable=YES	Display active directory messages when users go into certain directories?
use_localtime=YES	Use local time?
xferlog_enable=YES	Activate logging of uploads/downloads?
connect_from_port_20=YES	Connect from port 20?
secure_chroot_dir=/var/run/vsftpd/empty	Name of an empty directory
pam_service_name=vsftpd	This string is the name of the PAM service vsftpd will use.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem	The last three options specify the location of the RSA certificate to use for SSL encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

file for users that are denied from FTP service

cat /etc/ftpusers

Anonymous Settings

anonymous_enable=YES	Allowing anonymous login?
anon_upload_enable=YES	Allowing anonymous to upload files?
anon_mkdir_write_enable=YES	Allowing anonymous to create new directories?
no_anon_password=YES	Do not ask anonymous for password?
anon_root=/home/username/ftp	Directory for anonymous.
write_enable=YES	Allow the usage of FTP commands: STOR, DELE, RNFR, RNTO, MKD, RMD, APPE, and SITE?

anonymous login

user: anonymous
pass: anonymous

see if anonymous login is allowed

nmap -sC {IP address}

note: at the ftp service it will say if its allowed, the default script scans the anonymous login.

---

More Info

get the first overview of the server's settings

ftp> status

see more info

ftp> debug
ftp> trace

Setting	Description
dirmessage_enable=YES	Show a message when they first enter a new directory?
chown_uploads=YES	Change ownership of anonymously uploaded files?
chown_username=username	User who is given ownership of anonymously uploaded files.
local_enable=YES	Enable local users to login?
chroot_local_user=YES	Place local users into their home directory?
chroot_list_enable=YES	Use a list of local users that will be placed in their home directory?