FTP

FTP (File Transfer Protocol) is a standard network protocol used to transfer files between a client and a server over a TCP/IP network (such as the Internet). It was developed in 1971 and remains widely used for uploading, downloading, and managing files on remote servers.

Key Features of FTP

Uses TCP ports 20 (data transfer) and 21 (command control)
Supports authentication (username/password) but can also allow anonymous access
Operates in two modes:
- Active Mode (server initiates data connection)
- Passive Mode (client initiates data connection, better for firewalls)
Transfers files in binary or ASCII mode
Allows file upload, download, rename, delete, and directory listing

How FTP Works

FTP uses two separate connections:

Control Connection (Port 21)
- Used for sending commands (e.g., USER, PASS, LIST, RETR, STOR)
- Maintained throughout the session
Data Connection (Port 20 in Active Mode, random port in Passive Mode)
- Used for actual file transfers
- Opened and closed per transfer

FTP Communication Example

Client connects to server on port 21 (control connection)
Client authenticates (username/password)
Client sends commands (e.g., LIST to list files, RETR to download)
Server responds and establishes a data connection (active/passive)
File transfer occurs
Data connection closes, but control connection stays open

FTP Commands & Responses

Common FTP Commands

Command

Description

USER

Specifies the username

PASS

Specifies the password

LIST

Lists files in current directory

RETR

Downloads a file (RETR filename.txt)

STOR

Uploads a file (STOR filename.txt)

DELE

Deletes a file

CWD

Changes working directory

PWD

Prints current directory

QUIT

Closes the FTP session

Common FTP Responses

Code

Meaning

200

Command OK

230

331

Username OK, password required

425

Can't open data connection

550

File not found / Permission denied

FTP Modes: Active vs. Passive

1. Active Mode (Default)

Client connects to server on port 21 (control)
Server connects back to client on port 20 (data)
Problem: May fail if client has a firewall blocking incoming connections

2. Passive Mode (Recommended for modern networks)

Client connects to server on port 21 (control)
Server provides a random port for data transfer
Client connects to that port for file transfer
Better for firewalls/NAT (avoids blocking issues)

FTP Example (Manual Connection via Command Line)

$ ftp example.com
Connected to example.com.
220 FTP Server Ready
Name: anonymous    # (or your username)
331 Password required
Password:          # (or blank for anonymous)
230 Login successful
ftp> ls            # List files
200 PORT command successful
150 Opening data connection
-rw-r--r-- 1 user group 1024 Jan 1 file.txt
226 Transfer complete
ftp> get file.txt  # Download file
200 PORT command successful
150 Opening data connection
226 Transfer complete
1024 bytes received
ftp> quit          # Exit
221 Goodbye

Setting Up vsFTPd on Ubuntu (Secure FTP Server)

This guide covers installing and configuring vsFTPd (Very Secure FTP Daemon) on Ubuntu 22.04/20.04 with security best practices.

Step 1: Install vsFTPd

Update packages and install vsftpd:

sudo apt update
sudo apt install vsftpd -y

Check if the service is running:

sudo systemctl status vsftpd

(Expected output: active (running))

Step 2: Configure vsFTPd

Edit the config file:

sudo nano /etc/vsftpd.conf

Basic Secure Configuration

# Disable anonymous FTP
anonymous_enable=NO

# Allow local users
local_enable=YES

# Enable file uploads
write_enable=YES

# Restrict users to their home directories (chroot jail)
chroot_local_user=YES
allow_writeable_chroot=YES

# Security settings
hide_ids=YES
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000

# Logging
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
dual_log_enable=YES

Optional: Enable SSL/TLS (FTPS)

Generate SSL certificates:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/certs/vsftpd.pem

Then add to vsftpd.conf:

# Enable SSL
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.key

Step 3: Restart vsFTPd

Apply changes:

sudo systemctl restart vsftpd
sudo systemctl enable vsftpd

Step 4: Configure Firewall (UFW)

Allow FTP & passive ports:

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw enable

Step 5: Create FTP User

Option 1: Use Existing System User

sudo usermod -d /home/username -s /bin/bash username

Option 2: Create a New FTP-Only User

sudo useradd -m -d /home/ftpuser -s /bin/bash ftpuser
sudo passwd ftpuser
sudo chown ftpuser:ftpuser /home/ftpuser

Step 6: Test FTP Connection

From Linux Terminal

ftp localhost

(Login with your FTP user credentials.)

Using FileZilla (GUI)

Host: your_server_ip
Username: ftpuser
Password: your_password
Port: 21
Encryption: "Require explicit FTP over TLS" (if SSL enabled)

Step 7: Troubleshooting

Check Logs

sudo tail -f /var/log/vsftpd.log

Common Issues

"500 OOPS: vsftpd: refusing to run with writable root inside chroot" Fix: allow_writeable_chroot=YES in config.
"Connection refused" Check firewall (sudo ufw status).
SSL Errors Ensure correct cert paths in vsftpd.conf.

vsFTPd server config:

The vsFTPd (Very Secure FTP Daemon) server is a popular FTP server for Linux, known for its security, performance, and stability. Below is an explanation of its key configurations, typically found in /etc/vsftpd.conf or /etc/vsftpd/vsftpd.conf.

Basic vsFTPd Configurations

1. Server Access & Network Settings

listen=YES
- Runs vsFTPd in standalone mode (not via inetd/xinetd).
listen_ipv6=YES
- Enables IPv6 support (use either IPv4 or IPv6, not both).
listen_address=192.168.1.100
- Binds vsFTPd to a specific IP.
port_enable=YES
- Allows active mode FTP (default port: 20 for data, 21 for control).

2. Anonymous FTP Settings

anonymous_enable=YES
- Allows anonymous logins (username: anonymous or ftp).
anon_root=/var/ftp
- Sets the root directory for anonymous users.
no_anon_password=YES
- Anonymous users don't need a password.
anon_upload_enable=YES
- Allows anonymous uploads (requires write permissions).
anon_mkdir_write_enable=YES
- Allows anonymous users to create directories.
anon_other_write_enable=YES
- Allows deletion/renaming by anonymous users (risky!).

3. Local User Settings

local_enable=YES
- Allows system users to log in via FTP.
local_root=/home/$USER/ftp
- Sets a custom FTP root directory for local users.
userlist_enable=YES
- Enables user-based access control.
userlist_file=/etc/vsftpd.user_list
- Specifies the user list file (whitelist/blacklist).
userlist_deny=YES (default)
- If YES, listed users are denied access (blacklist).
- If NO, only listed users are allowed (whitelist).

4. Security & Permissions

chroot_local_user=YES
- Restricts local users to their home directories (jail).
allow_writeable_chroot=YES
- Allows write access in chroot (use carefully).
write_enable=YES
- Enables file uploads and modifications.
hide_ids=YES
- Shows all files as owned by ftp:ftp for anonymity.
tcp_wrappers=YES
- Uses /etc/hosts.allow and /etc/hosts.deny for access control.

5. SSL/TLS Encryption (FTPS)

ssl_enable=YES
- Enables SSL/TLS encryption.
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
- Path to SSL certificate.
rsa_private_key_file=/etc/ssl/private/vsftpd.key
- Path to private key.
allow_anon_ssl=NO
- Disables SSL for anonymous users (recommended).
force_local_data_ssl=YES
- Forces SSL for data connections.
force_local_logins_ssl=YES
- Forces SSL for login authentication.

6. Logging & Debugging

xferlog_enable=YES
- Enables transfer logging.
xferlog_file=/var/log/vsftpd.log
- Custom log file path.
log_ftp_protocol=YES
- Logs FTP protocol details (debugging).
dual_log_enable=YES
- Logs in both vsftpd and wu-ftp formats.

7. Connection & Rate Limiting

max_clients=50
- Maximum simultaneous connections.
max_per_ip=5
- Connections per IP.
local_max_rate=100000 (bytes/sec)
- Speed limit for local users.
anon_max_rate=50000
- Speed limit for anonymous users.
idle_session_timeout=300 (seconds)
- Disconnects idle sessions.
data_connection_timeout=120
- Timeout for data transfers.

8. Passive Mode (Firewall-Friendly)

pasv_enable=YES
- Enables passive mode (recommended for NAT/firewalls).
pasv_min_port=40000
- Minimum passive mode port.
pasv_max_port=50000
- Maximum passive mode port.
pasv_address=your.public.ip
- Public IP for passive mode (needed for NAT).

Example vsftpd.conf

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
allow_writeable_chroot=YES
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO
ssl_enable=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.key
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000

Post-Configuration Steps

Restart vsFTPd:
```
sudo systemctl restart vsftpd
```

Open Firewall Ports:

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 40000:50000/tcp

Test FTP Access:
```
ftp localhost
```
or use an FTP client like FileZilla.

footprinting using Nmap scripts:

FTP server version
Supported authentication methods
Anonymous login availability
Vulnerabilities (e.g., CVE checks)

1. Basic FTP Service Detection

First, scan the target to detect if FTP (port 21) is open:

nmap -p 21 <target_IP>

Example output:

PORT   STATE SERVICE
21/tcp open  ftp

2. Enumerate FTP Version & Basic Info

Use Nmap’s ftp-anon script to check for anonymous login and ftp-syst to get system info:

nmap -p 21 --script=ftp-anon,ftp-syst <target_IP>

ftp-anon: Checks if anonymous login is allowed.
ftp-syst: Retrieves FTP server system info (useful for fingerprinting).

Example Output:

PORT   STATE SERVICE
21/tcp open  ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r--    1 0        0              10 Jan 01  2023 test.txt
| ftp-syst: 
|   STAT: 
| FTP server status:
|      Connected to ::ffff:192.168.1.100
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      vsFTPd 3.0.3 - secure, fast, stable
|_End of status

3. Detect Vulnerabilities (CVE Checks)

Use ftp-vsftpd-backdoor to check for the infamous vsFTPd 2.3.4 backdoor (CVE-2011-2523):

nmap -p 21 --script=ftp-vsftpd-backdoor <target_IP>

If vulnerable, it may return:

PORT   STATE SERVICE
21/tcp open  ftp
| ftp-vsftpd-backdoor: 
|   VULNERABLE:
|   vsFTPd version 2.3.4 backdoor
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2011-2523
|     Description:
|       vsFTPd version 2.3.4 contains a backdoor that allows remote code execution.
|     Disclosure date: 2011-07-03
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523
|_      https://www.exploit-db.com/exploits/17491

4. Brute-Force FTP Logins (If Allowed)

If you want to test weak credentials, use ftp-brute:

nmap -p 21 --script=ftp-brute --script-args userdb=/path/to/users.txt,passdb=/path/to/passwords.txt <target_IP>

userdb: List of usernames (e.g., admin, ftp, root).
passdb: List of passwords (e.g., password, 123456, admin).

5. Check for FTP Bounce Attack (CVE-1999-0017)

Some FTP servers allow proxy connections (bounce attack):

nmap -p 21 --script=ftp-bounce <target_IP>

If vulnerable:

PORT   STATE SERVICE
21/tcp open  ftp
| ftp-bounce: 
|   Server may support bounce attacks (CVE-1999-0017)
|     Possibly vulnerable, needs testing
|_    Use '--script-args ftp-bounce.test=true' to test

6. Full FTP Enumeration (Aggressive Scan)

Combine all useful FTP scripts:

nmap -p 21 --script="ftp-* and not brute" -sV <target_IP>

-sV: Detects service version.
ftp-*: Runs all FTP-related scripts (excluding brute-force).

Summary of Useful Nmap FTP Scripts

Script

Purpose

ftp-anon

Checks for anonymous FTP access

ftp-syst

Retrieves FTP server system info

ftp-vsftpd-backdoor

Checks for vsFTPd 2.3.4 backdoor

ftp-brute

Tests weak FTP credentials

ftp-bounce

Checks for FTP bounce attack vulnerability

ftp-vuln-cve2010-4221

Checks for ProFTPD vulnerability

PreviousSSL/TLS NextSSH

Last updated 8 months ago

hashtagKey Features of FTP

hashtagHow FTP Works

hashtagFTP Communication Example

hashtagFTP Commands & Responses

hashtagCommon FTP Commands

hashtagCommon FTP Responses

hashtagFTP Modes: Active vs. Passive

hashtag1. Active Mode (Default)

hashtag2. Passive Mode (Recommended for modern networks)

hashtagFTP Example (Manual Connection via Command Line)

hashtagSetting Up vsFTPd on Ubuntu (Secure FTP Server)

hashtagStep 1: Install vsFTPd

hashtagStep 2: Configure vsFTPd

hashtagBasic Secure Configuration

hashtagOptional: Enable SSL/TLS (FTPS)

hashtagStep 3: Restart vsFTPd

hashtagStep 4: Configure Firewall (UFW)

hashtagStep 5: Create FTP User

hashtagOption 1: Use Existing System User

hashtagOption 2: Create a New FTP-Only User

hashtagStep 6: Test FTP Connection

hashtagFrom Linux Terminal

hashtagUsing FileZilla (GUI)

hashtagStep 7: Troubleshooting

hashtagCheck Logs

hashtagCommon Issues

hashtagvsFTPd server config:

hashtagBasic vsFTPd Configurations

hashtagExample vsftpd.conf

hashtagPost-Configuration Steps

hashtagfootprinting using Nmap scripts:

hashtag1. Basic FTP Service Detection

hashtag2. Enumerate FTP Version & Basic Info

hashtag3. Detect Vulnerabilities (CVE Checks)

hashtag4. Brute-Force FTP Logins (If Allowed)

hashtag5. Check for FTP Bounce Attack (CVE-1999-0017)

hashtag6. Full FTP Enumeration (Aggressive Scan)

hashtagSummary of Useful Nmap FTP Scripts