# Commands ```bash ftp <IP> ftp> status ftp> ls -R # Recursive Listing ftp> get <file> # download ftp> put <file> # upload ftp> wget -m --no-passive ftp://anonymous:anonymous@<IP> # download all available files ``` # Service Interaction ```bash nc -nv <IP> 21 telnet <IP> 21 openssl s_client -connect <IP>:21 -starttls ftp # ftp on TLS/SSL ``` # Attack 1. FTP allows `anonymous login` 2. Web server on port 80 and FTP on port 21 share the same directory. 3. FTP allows File downloads and uploads ```bash 1. Download php-reverse.shell.php to our local Kali 2. upload php-reverse.shell.php to FTP 3. Set up nc listener to receive the reverse shell 4. Access the FTP directory through HTTP and execute the payload 5. Capture reverse shell ```