File Transfer Protocol (FTP) services are usually found running on servers to provide public access to files over IP. The FTP service uses the following two ports to function in its native mode:
The inbound control port, used to receive and process FTP commands
The outbound data port, used to send data from the server to client
Historically, the way that FTP services have been used to compromise networks include:
Brute-force guessing of user passwords to gain direct access
FTP bounce port-scanning and exploit payload delivery
Issuing crafted FTP commands to circumvent stateful filtering devices
Process manipulation, including overflow attacks involving malformed data
I will discuss each of these attack types; however, the first task to undertake when identifying an accessible FTP service is that of enumeration, to ascertain the FTP service that's running and its configuration.