# Commands
```bash
ftp <IP>
ftp> status
ftp> ls -R # Recursive Listing
ftp> get <file> # download
ftp> put <file> # upload
ftp> wget -m --no-passive ftp://anonymous:anonymous@<IP> # download all available files
```
# Service Interaction
```bash
nc -nv <IP> 21
telnet <IP> 21
openssl s_client -connect <IP>:21 -starttls ftp # ftp on TLS/SSL
```
# Attack
1. FTP allows `anonymous login`
2. Web server on port 80 and FTP on port 21 share the same directory.
3. FTP allows File downloads and uploads
```bash
1. Download php-reverse.shell.php to our local Kali
2. upload php-reverse.shell.php to FTP
3. Set up nc listener to receive the reverse shell
4. Access the FTP directory through HTTP and execute the payload
5. Capture reverse shell
```