Service: vsftpd, proftpd, pure-ftpd
Protocol: TCP
Port: 21
Used for: Unencrypted file transfer between client and server
Why It’s Open
FTP is one of the oldest methods for transferring files over a network. You’ll often find it in legacy systems, embedded devices, or setups that require batch file uploads or remote file access.
Common Risks
- Cleartext Authentication: Usernames and passwords are transmitted in plaintext.
- Anonymous Access: Misconfigured FTP servers may allow login without credentials.
- Directory Traversal: Attackers may access restricted directories using ../.
- Brute Force & Default Credentials: Common targets for automated tools.

Enumeration & Testing
Check if it’s open
nmap -sV -p 21
nmap -p 21 --script=ftp-anon
Connect manually
ftp
Anonymous login test
ftp
Name: anonymous
Password:
What to Look For
| Checkpoint | What it means |
|---|---|
| Anonymous login enabled | Public access, often a misconfiguration |
| Banner shows old version | May be vulnerable to known exploits |
| FTP root access | Can lead to full system compromise |
Known Exploits
- CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the SITE CPFR and SITE CPTO commands, leading to potential remote code execution.
Mitigation
- Disable anonymous login.
- Use FTPS or switch to SFTP instead.
- Restrict access via firewall.
- Limit users to specific chroot jails.
- Disable write permissions where not needed.
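An added example, not part of the original page or of any FTP project's code: a small Python audit that checks the text of a vsftpd.conf against the mitigations listed above. The sample configuration is constructed, the function names are hypothetical, and the defaults table assumes the built-in defaults documented in the vsftpd.conf man page, where an absent anonymous_enable means YES.

```python
# Built-in defaults per the vsftpd.conf man page; an absent option uses these.
DEFAULTS = {
    "anonymous_enable": "YES",
    "ssl_enable": "NO",
    "chroot_local_user": "NO",
    "write_enable": "NO",
}

# (option, value that is risky, finding text), one per mitigation.
CHECKS = [
    ("anonymous_enable", True, "anonymous login is enabled"),
    ("ssl_enable", False, "no FTPS, so credentials travel in cleartext"),
    ("chroot_local_user", False, "local users are not chroot-jailed"),
    ("write_enable", True, "write commands enabled; confirm they are needed"),
]

# Assumption: values treated as "on" are YES, TRUE or 1, case-insensitive.
TRUE_VALUES = {"YES", "TRUE", "1"}


def parse_conf(text):
    """Return effective settings: defaults overridden by option=value lines."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return a list of findings for one configuration file's text."""
    settings = parse_conf(text)
    findings = []
    for option, risky, message in CHECKS:
        enabled = settings[option].upper() in TRUE_VALUES
        if enabled == risky:
            findings.append(f"{option}={settings[option]}: {message}")
    return findings


# Constructed sample configuration, not taken from a real server.
SAMPLE = "listen=YES\nlocal_enable=YES\nwrite_enable=YES\nchroot_local_user=YES\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("[!]", finding)
```

The sample never mentions anonymous_enable or ssl_enable, yet both are reported, because the audit evaluates effective settings rather than only the lines present in the file.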
Real-World Example
Publicly exposed FTP servers allowing anonymous access have led to major leaks of personal and financial data in the past. Tools like Shodan still show thousands of such servers online today.
TL;DR
- Service: FTP (File Transfer Protocol)
- Default Port: 21/TCP
- Risks: Unauthorized file access, data leakage
- Mitigation: Apply patches, disable anonymous access, use secure alternatives