01 Jan 2023
FTP session operates using two channels, command/control and data. The command channel is used for commands and replies, while the data channel transfers data. Functions as a client-server protocol. Comes in Active and Passive connections.
Separate command and data channels allows commands to be sent while data is transferring.
Exploiting an anonymous FTP login to see what files can be accessed, and if they have information that can lead to popping a shell is a common pathway in CTF challenges, and mimics real-life careless FTP server implementations. There is also known exploit in some versions of in.ftpd and some other server variants where they respond to the “cwd” command differently for home directories that exist and those that don’t. This allows tracking down user accounts. Mostly a bug in legacy systems, but worth knowing about. (More reading: https://www.exploit-db.com/exploits/20745)
With FTP connection active, use mget to retrieve remote files.
FTP is unencrypted, so all info can be intercepted and read, including passwords. Task’s exploitation will be of weak or default password configs.
hydra -t 4 -l [user] -P [path] -vV [ip address] ftp.Crack the password and log in to get the flag.
Tomorrow starts Network Services 2