FTP
Introduction
It is a File transfer protocol. The client sends request to the server for specific files.
Types of Connections
It uses 2 types of connections: Control connection and Data connection.
Control connection is used for navigation(commands such as cd, ls). The client sends request to the server TCP port 21 for this purpose.
Data connection is used to actually transfer file data(commands such as get, put). The client sends request to the server TCP port 20 for this purpose.
Types of FTP
There are two types of FTP:
-
Active
The client establishes the connection as described via TCP port 21 and thus informs the server via which client-side port the server can transmit its responses. The server actively establishes the data connection with the client. -
Passive
The server announces a port through which the client can establish the data channel. The server passively waits for the client to establish the data connection.The passive mode has specially been developed for the instances where a firewall protects the client and server cannot reply because all external connections are blocked. Since the client initiates the connection in this method, the firewall does not block the transfer.
How to connect
ftp {IP}: connect to ftp server hosted at IP.- You can also connect to the ftp server through browser.
ftp {IP}is equivalent toftp://{IP}. - Before data transmission, client needs to be logged in to the file server. The client is asked to fill in the credentials including username and password to connec to the file server successfully.
Anonymous login
If anonymous mode is enabled in FTP server, then client can log into the server as user anonymous without giving any password. This type of configurations is done for public files that anyone should be able to download.
Generally, anonymous users do not have permission to upload files to the FTP server. But if the server has been misconfigured and anonymous users get permission to upload files, then reverse shell script can be uploaded to start a TCP connection.
The configurations dealing with anonymous login are:
| Setting | Description |
|---|---|
| anonymous_enable=YES | Allowing anonymous login? |
| anon_upload_enable=YES | Allowing anonymous to upload files? |
| anon_mkdir_write_enable=YES | Allowing anonymous to create new directories? |
| no_anon_password=YES | Do not ask anonymous for password? |
| anon_root=/home/username/ftp | Directory for anonymous. |
| write_enable=YES | Allow the usage of FTP commands: STOR, DELE, RNFR, RNTO, MKD, RMD, APPE, and SITE? |
FTP commands
After logging in, following two types of commands can be executed:
- control connection:
ls [file|folder]to list the files/folders in the FTP servercd <file|folder>change directory
We cannot use
catcommand to view the file content, because the client and server is connected through FTP protocol and it doesn’t allowcatcommand.List of all FTP comands for Linux FTP server can be found here.
- data connection:
get <file>to download file from server to local machineput <file>to upload file
💡 Before using “get” or “put” command, enable binary mode using command “binary”.
After executing the FTP commands, we get certain FTP status response codes. A list of possible status codes can be found here.
Server configurations and debugging
- One of the most used FTP servers on Linux-based distributions is vsFTPd. The default configuration of vsFTPd can be found in
/etc/vsftpd.conf. - The file
/etc/ftpuserscontains a list of user names who are denied the login access to the FTP server. debugandtracecommands can be used to make the server show more information.statuscommand can be used to get the overview of server’s settings.-
Download all available files in the FTP server:
wget -m --no-passive ftp://anonymous:anonymous@10.129.14.136 -
SSL can also be enabled on the FTP server. In that case,
opensslcommand can be used to connect to the server and also view the SSL certificate, which can also provide more information such as hostname, email address and domain & sub-domains.openssl s_client -connect 10.129.14.136:21 -starttls ftp