2024-08-10 10:08:39 +02:00
|
|
|
# nxc ftp
|
|
|
|
|
|
|
|
|
|
> Pentest and exploit FTP servers.
|
|
|
|
|
> More information: <https://www.netexec.wiki/ftp-protocol>.
|
|
|
|
|
|
2025-05-04 20:03:26 +03:00
|
|
|
- Search for valid credentials by trying out every combination in the specified lists of usernames and passwords:
|
2024-08-10 10:08:39 +02:00
|
|
|
|
2025-05-04 20:03:26 +03:00
|
|
|
`nxc ftp {{192.168.178.2}} {{[-u|--username]}} {{path/to/usernames.txt}} {{[-p|--password]}} {{path/to/passwords.txt}}`
|
2024-08-10 10:08:39 +02:00
|
|
|
|
|
|
|
|
- Continue searching for valid credentials even after valid credentials have been found:
|
|
|
|
|
|
2025-05-04 20:03:26 +03:00
|
|
|
`nxc ftp {{192.168.178.2}} {{[-u|--username]}} {{path/to/usernames.txt}} {{[-p|--password]}} {{path/to/passwords.txt}} --continue-on-success`
|
2024-08-10 10:08:39 +02:00
|
|
|
|
|
|
|
|
- Perform directory listings on each FTP server the supplied credentials are valid on:
|
|
|
|
|
|
2025-05-04 20:03:26 +03:00
|
|
|
`nxc ftp {{192.168.178.0/24}} {{[-u|--username]}} {{username}} {{[-p|--password]}} {{password}} --ls`
|
2024-08-10 10:08:39 +02:00
|
|
|
|
|
|
|
|
- Download the specified file from the target server:
|
|
|
|
|
|
2025-05-04 20:03:26 +03:00
|
|
|
`nxc ftp {{192.168.178.2}} {{[-u|--username]}} {{username}} {{[-p|--password]}} {{password}} --get {{path/to/file}}`
|
2024-08-10 10:08:39 +02:00
|
|
|
|
|
|
|
|
- Upload the specified file to the target server at the specified location:
|
|
|
|
|
|
2025-05-04 20:03:26 +03:00
|
|
|
`nxc ftp {{192.168.178.2}} {{[-u|--username]}} {{username}} {{[-p|--password]}} {{password}} --put {{path/to/local_file}} {{path/to/remote_location}}`
|
