INTRO

I wrote my first article on FTP Enumeration on this website a year back. The response wasn’t good, though. In that article, I told you how you can enumerate the FTP port with various methods. We also tried to brute-force the FTP service with Metasploit. We tried banner grabbing and tried to enumerate the version of the FTP service too.

As the name suggests, an FTP server can be used as a file-sharing server. Sometimes, FTP can be used as a shell for a remote machine. This happens when you don’t configure the server properly.

But in today’s blog, we are going to host an FTP server on our localhost. This is going to be simple, soft, sweet, and easy. Anyone can easily understand this article.

 

Requirements

1. Linux (Kali Linux or Parrot Security OS recommended)

2. Vsftpd

3. FTP

 

SETUP

First, we will install ftp and vsftpd on our Linux system.

Type this command to install these utilities:

sudo apt install ftp vsftpd

 


Installation can take some time because you are installing two packages. It all depends on your internet speed.

After installation, type these commands to verify that vsftpd and ftp are installed correctly:

vsftpd -v
ftp -h

Now that you have ftp and vsftpd, we can go further and set up our FTP server. Type this command to start the FTP server:

vsftpd

It won’t show any output, but it will run continuously.


Now, we will try to find open ports on our localhost with Nmap. You can try any other information-gathering tool, but I prefer using Nmap to find running services on a host.

Type this command:

nmap 127.0.0.1

It will show all open ports on your localhost.


As you can see, we have the FTP service open on port 21. Port 21 is the default port for the FTP service.

Note that we can use our local users to log in to FTP. We can also use root, but not yet; I will show you how you can log in with root. If you don’t have any other users, type this command to create one:

adduser <username>

After running this command, it will ask you for a password for the new account. Then it will ask for some additional information, which is not necessary to provide. You can just press Enter to skip all of those prompts.


Now, let’s log in with the ftp tool that we installed earlier with the apt command:

ftp localhost

You can replace localhost with a domain or IP. We will be able to connect to the FTP server as long as the vsftpd server is running on our system. You can see that I have logged in with the “pink” account that I just created for demonstration.


If you try to log in as root, you will see that the server does not allow it. In fact, we can ban any user from logging in to our FTP server.

There is a file named ftpusers in the /etc folder. If you take a look at this file, you will see that it lists all the users that can’t access FTP.


You just have to remove the root user from this file to access FTP with root.

One more important thing: vsftpd.conf holds all of the FTP server’s configuration. So, to configure your FTP server, you will need to edit the vsftpd.conf file.

Uncomment for configuration

» To allow the Anonymous user to log in to the FTP server:

» To create directories and files on the FTP server:

» To allow the Anonymous user to create directories and files on the FTP server:

» To change the idle timeout:

» Change “NO” to “YES” for an encrypted connection to the FTP server:


I have mentioned the “Anonymous” user. You can think of the “Anonymous” user as a default user for the FTP service. You will be able to log in to the server as this user once the admin allows the Anonymous user to log in via the config file. The password is the same as the name, “anonymous”.
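The directive names behind the options listed above are not shown on this page. As an added example (not from the original article), the shell functions below audit a vsftpd.conf and an ftpusers file for those settings. The directive names and built-in defaults are assumed from the vsftpd.conf man page, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit vsftpd.conf and the ftpusers deny list.

# conf_get FILE KEY DEFAULT: print the effective value of KEY.
# vsftpd expects key=value with no spaces; lines starting with # are inactive.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^#/    { next }
        $1 == k { v = $2 }              # keep the last active assignment
        END     { print (v == "" ? d : v) }' "$1"
}

# is_on FILE KEY DEFAULT: succeed when the boolean KEY is enabled.
is_on() {
    case "$(conf_get "$1" "$2" "$3" | tr 'a-z' 'A-Z')" in
        YES|TRUE|1) return 0 ;;
    esac
    return 1
}

# audit_vsftpd CONF FTPUSERS: print one line per finding.
# Defaults passed below are the built-in vsftpd defaults (man vsftpd.conf).
audit_vsftpd() {
    if is_on "$1" anonymous_enable YES; then
        echo "anonymous_enable: anonymous login is allowed"
        if is_on "$1" write_enable NO; then
            if is_on "$1" anon_upload_enable NO; then
                echo "anon_upload_enable: anonymous users can upload files"
            fi
            if is_on "$1" anon_mkdir_write_enable NO; then
                echo "anon_mkdir_write_enable: anonymous users can create directories"
            fi
        fi
    fi
    if ! is_on "$1" ssl_enable NO; then
        echo "ssl_enable: credentials and data are sent unencrypted"
    fi
    if ! grep -qx root "$2"; then
        echo "ftpusers: root is not denied FTP login"
    fi
    echo "idle_session_timeout: $(conf_get "$1" idle_session_timeout 300) seconds"
}

# Constructed sample files so the example runs on its own.
demo=$(mktemp -d)
printf '%s\n' '#anonymous_enable=NO' 'anonymous_enable=YES' 'write_enable=YES' \
    '#anon_upload_enable=YES' 'anon_mkdir_write_enable=YES' 'ssl_enable=NO' > "$demo/vsftpd.conf"
printf '%s\n' '# users denied FTP access' 'daemon' 'bin' > "$demo/ftpusers"
audit_vsftpd "$demo/vsftpd.conf" "$demo/ftpusers"
```

To check a real host, call audit_vsftpd /etc/vsftpd.conf /etc/ftpusers. A commented-out directive falls back to the built-in default, which for anonymous_enable is YES.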

 

 

Thanks For Visiting.
