8.1 FTP

File Transfer Protocol (FTP) services are usually found running on servers to provide public access to files over IP. The FTP service uses the following two ports to function in its native mode:

TCP port 21

The inbound control port, used to receive and process FTP commands

TCP port 20

The outbound data port, used to send data from the server to client

Historically, the way that FTP services have been used to compromise networks include:

  • Brute-force guessing of user passwords to gain direct access

  • FTP bounce port-scanning and exploit payload delivery

  • Issuing crafted FTP commands to circumvent stateful filtering devices

  • Process manipulation, including overflow attacks involving malformed data

I will discuss each of these attack types; however, the first task to undertake when identifying an accessible FTP service is that of enumeration, to ascertain the FTP service that's running and its configuration.