** #FTP protocol ( File transfer protocol ) [ port : 20,21 ]**

Normal login: ftp <user>@<ip>

ftp-anon

nmap script for anonymous login on ftp

  • anonymous username can be ftp or anonymous

there also #MSF modules to use them search with this command:

  • search auxiliary/scanner/ftp/
  • Check this aux options down below show OPTIONS FTP_BruteForce_Options_MSF.png

To Bruteforce a FTP login we will use this module or use [[Hydra]]:

  • use auxiliary/scanner/ftp/ftp_login Then Specify the RHOSTS and RPORT (Sometimes FTP service is set to other ports) Then we set the USER_FILE list that contains possible usernames:
  • set USER_FILE /usr/share/metasploit-framework/data/wordlists/common_users.txt Then we set the PASSWORD_FILE: set PASS_FILE /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt