1
00:00:00,940 --> 00:00:05,140
In this video, we are going to learn how we can exploit FTP protocol.

2
00:00:09,580 --> 00:00:15,310
FTP, as the name suggests, is a protocol that is used to allow the remote transfer of files over a

3
00:00:15,310 --> 00:00:15,880
network.

4
00:00:16,660 --> 00:00:19,390
FTP operates using a client-server protocol.

5
00:00:19,570 --> 00:00:22,030
The client initiates a connection with the server.

6
00:00:22,060 --> 00:00:27,250
The server validates whatever login credentials are provided and then opens the session.

7
00:00:27,670 --> 00:00:31,780
When the session is open, the client may execute commands on the server.

8
00:00:32,259 --> 00:00:35,530
FTP protocol normally runs on port 21.

9
00:00:37,680 --> 00:00:43,200
For enumeration, we can use Nmap to scan for port 21 and get information about it.

10
00:00:43,560 --> 00:00:49,890
In some cases, FTP may allow anonymous login, which does not need any username and password.

11
00:00:52,240 --> 00:00:57,100
If FTP requires username and password, we can use Hydra to brute force the password.

12
00:00:57,580 --> 00:01:01,930
Just use the command as shown on the screen and mention FTP protocol.

13
00:01:02,770 --> 00:01:04,420
Now let's see the demonstration.

14
00:01:08,260 --> 00:01:10,780
For the demonstration purposes I'm using

15
00:01:10,900 --> 00:01:16,270
Network Services room on TryHackMe, which is a very good room to learn network exploitation.

16
00:01:16,840 --> 00:01:23,230
And the first question is what communication model does FTP use, which we have already discussed.

17
00:01:23,230 --> 00:01:24,820
That is client-server model.

18
00:01:25,860 --> 00:01:30,270
The second question is what's the standard FTP protocol, which is port 21.

19
00:01:30,480 --> 00:01:34,260
The third question is how many modes of FTP connections are there?

20
00:01:34,260 --> 00:01:35,190
Which are two.

21
00:01:38,080 --> 00:01:41,470
So after solving the basic questions, you start your machine.

22
00:01:46,440 --> 00:01:48,350
And our task is to enumerate FTP.

23
00:01:54,710 --> 00:01:57,950
Once the machine is started, copy the IP address of the machine.

24
00:01:58,900 --> 00:02:00,460
Move over to your Kali machine.

25
00:02:04,720 --> 00:02:05,890
And try to ping it.

26
00:02:11,970 --> 00:02:13,260
So our machine is live.

27
00:02:14,850 --> 00:02:16,380
Now start Nmap scan.

28
00:02:17,730 --> 00:02:19,170
Dash sS is for stealth scan.

29
00:02:19,230 --> 00:02:23,010
Dash A is to enumerate all possible services and ports.

30
00:02:23,490 --> 00:02:25,620
Dash T4 is to speed up the scan.

31
00:02:32,430 --> 00:02:35,280
And we do have FTP running on port 21.

32
00:02:37,450 --> 00:02:39,490
Which also allows anonymous login.

33
00:02:40,580 --> 00:02:46,400
Before we move on to the next step, let's just run the scan for all ports to see if any other port

34
00:02:46,400 --> 00:02:47,090
is open.

35
00:02:48,670 --> 00:02:51,820
So repeat the scan with the dash p dash flag.

36
00:02:56,380 --> 00:02:57,820
Our scan is back.

37
00:02:58,860 --> 00:03:03,000
And only port 21 is open, on which FTP service is running.

38
00:03:03,920 --> 00:03:07,460
So the next question is what variant of FTP is running on it?

39
00:03:08,810 --> 00:03:11,720
It is vsftpd, which we have seen.

40
00:03:15,230 --> 00:03:18,290
Now, we need to anonymous login into the file system.

41
00:03:19,940 --> 00:03:21,260
Open a new terminal.

42
00:03:25,100 --> 00:03:27,830
And use the command ftp and the IP address.

43
00:03:29,840 --> 00:03:36,860
And once it asks for the name, use anonymous and give it a blank password and you are logged into the

44
00:03:36,860 --> 00:03:37,520
machine.

45
00:03:37,910 --> 00:03:41,180
You can check the files in the current directory by command.

46
00:03:43,700 --> 00:03:46,580
There's one file, public underscore notice dot txt.

47
00:03:48,630 --> 00:03:52,710
To download the file, use the get command and the file is downloaded.

48
00:03:56,270 --> 00:03:59,210
Now you can check the contents of the file with cat command.

49
00:04:00,640 --> 00:04:03,250
Now, let's just answer the question on TryHackMe.

50
00:04:04,860 --> 00:04:09,180
So the question is what is the file name, which you have seen, public notice dot txt.

51
00:04:10,120 --> 00:04:12,310
And the next question is what do we think?

52
00:04:12,310 --> 00:04:13,540
A possible username.

53
00:04:14,420 --> 00:04:15,170
Which is Mike.

54
00:04:18,430 --> 00:04:19,839
Just complete this section.

55
00:04:20,500 --> 00:04:24,220
Now, in the next task we will be brute forcing FTP credentials.

56
00:04:30,820 --> 00:04:33,190
First of all, locate your rockyou dictionary file.

57
00:04:33,310 --> 00:04:34,270
Locate command.

58
00:04:35,750 --> 00:04:39,710
It's located in usr share wordlist directory.

59
00:04:40,780 --> 00:04:45,550
Then use the command hydra dash l, specify the username, which is Mike.

60
00:04:46,120 --> 00:04:49,180
Specify the dictionary of passwords with dash flag.

61
00:04:52,210 --> 00:04:52,900
IP address.

62
00:04:54,270 --> 00:04:55,890
And specify FTP in the end.

63
00:04:56,580 --> 00:04:59,910
You can use dash v flag for verbose output.

64
00:05:03,780 --> 00:05:08,640
You can see that it has successfully bruteforced our password, which is actually password.

65
00:05:12,110 --> 00:05:14,390
So the password of user Mike is password.

66
00:05:15,450 --> 00:05:17,000
Lead the next task as well.

67
00:05:18,230 --> 00:05:19,400
And let's just log in.

68
00:05:22,460 --> 00:05:25,130
Use the command ftp, the IP address of the machine.

69
00:05:26,000 --> 00:05:27,530
Now use the username Mike.

70
00:05:27,530 --> 00:05:28,520
And the password.

71
00:05:28,520 --> 00:05:29,240
Password.

72
00:05:30,700 --> 00:05:31,720
And we are logged in.

73
00:05:32,650 --> 00:05:37,660
Let's check the contents of the current file with FTP and get the ftp dot txt file.

74
00:05:43,330 --> 00:05:44,680
Cat out its content.

75
00:05:54,810 --> 00:05:56,070
And we have our flag.

76
00:05:57,610 --> 00:05:59,500
Just copy the flag and paste it on

77
00:05:59,500 --> 00:06:00,130
TryHackMe.

78
00:06:03,880 --> 00:06:07,690
So we have completed FTP exploitation task on TryHackMe.

79
00:06:08,660 --> 00:06:16,760
So in this video we learned how we can enumerate FTP and how we can exploit and brute force FTP passwords.