Service Detection
Banner Grab
Anonymous Login
Download Everything
Enumeration
List Files
Download File
Upload File
Binary Mode (for executables)
Brute-Force
Interesting Files
Look for:.htpasswdweb.configbackup.zip*.conf- SSH keys
- Database dumps
FTP Bounce Attack
Use FTP server to port scan internal hosts.FTP + Web Shell
If FTP root maps to web root:NSE Scripts
Quick Reference
| Check | Command |
|---|---|
| Anonymous login | ftp -a TARGET |
| Brute-force | hydra -L users.txt -P pass.txt ftp://TARGET |
| Download all | wget -r ftp://anonymous:@TARGET/ |
| Bounce scan | nmap -b user:pass@FTP INTERNAL |