Skip to content

02. FTP Anonymous Login

1. Scanning for FTP Service Version using Nmap

Command:

nmap <IP Address> -p 21 -sV

Explanation:

  • nmap: Runs the Nmap network scanner.
  • <IP Address>: Target system's IP address.
  • -p 21: Scans only port 21 (FTP service port).
  • -sV: Enables service version detection to determine the FTP software and version running.

Example:

nmap 192.168.1.10 -p 21 -sV

Output (example):

PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3

2. Checking for Anonymous FTP Login using Nmap

Command:

nmap <IP Address> -p 21 --script ftp-anon

Explanation:

  • --script ftp-anon: Uses the Nmap script to check if anonymous login is allowed.

Example:

nmap 192.168.1.10 -p 21 --script ftp-anon

Output (if anonymous login is allowed):

PORT   STATE SERVICE
21/tcp open  ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)

3. Anonymous FTP Login Attempt

Command:

ftp <IP Address>
  • Connects to the FTP service on the target system.
  • When prompted for login credentials, enter:
    • Username: anonymous
    • Password: (Leave blank or enter anonymous)

Example:

ftp 192.168.1.10

Output (if anonymous login is successful):

Connected to 192.168.1.10.
220 (vsFTPd 3.0.3)
Name (192.168.1.10:user): anonymous
331 Please specify the password.
Password:
230 Login successful.
ftp>

4. Common FTP Commands After Login

Once logged in, you can use the following FTP commands:

  • ls – Lists files in the current directory.

    ftp> ls

  • pwd – Displays the current directory.

    ftp> pwd

  • cd <directory> – Changes the directory.

    ftp> cd /pub

  • get <filename> – Downloads a file from the server.

    ftp> get example.txt

  • put <filename> – Uploads a file to the server.

    ftp> put myfile.txt

  • bye or exit – Closes the FTP session.

    ftp> bye

5. Risks and Mitigations

Risks:

  • Anonymous Login Exploitation: Attackers can access sensitive files if anonymous login is enabled.
  • Brute Force Attacks: Weak FTP credentials can be guessed using brute-force techniques.
  • Cleartext Transmission: FTP transfers data, including credentials, in plaintext, making it vulnerable to interception.
  • Misconfigured Permissions: Poorly configured FTP directories may allow unauthorized file uploads or modifications.
  • Denial of Service (DoS) Attacks: Attackers can overload the FTP server with requests, making it unavailable.

Mitigations:

  • Disable Anonymous Login: Configure the FTP server to require authentication for access.
  • Use Strong Authentication: Enforce strong passwords and multi-factor authentication.
  • Implement Encryption: Use FTPS (FTP Secure) or SFTP (SSH File Transfer Protocol) instead of plain FTP.
  • Restrict Access: Limit FTP access to only trusted IP addresses and users.
  • Regular Monitoring: Continuously monitor FTP logs for unauthorized access attempts.
  • Update FTP Software: Ensure the FTP server software is regularly updated with security patches.
  • Enforce Least Privilege: Set strict permissions to prevent unauthorized users from modifying or uploading files.
  • Enable Intrusion Detection: Use tools like Fail2Ban to detect and block repeated failed login attempts.