FTP Enumeration Cheat Sheet

Enumerating FTP Service

Apr 22, 2024

Use this guide to quickly enumerate FTP services during CTFs or pentests. Focused, surgical, no fluff.

Basic Connection & Anonymous Login

ftp <IP>

Try anonymous access:

Username: anonymous
Password: anonymous  # or blank

Banner Grabbing

nc <IP> 21

Look for server version info (e.g., vsftpd, FileZilla, Microsoft FTP).

FTP Command Quick Hits

ls         # List files
cd <dir>   # Change directory
get <file> # Download file

Optional:

put <file> # Upload (check write perms)

Brute-Force with Hydra

Single user brute:

hydra -l <user> -P /usr/share/wordlists/rockyou.txt ftp://<IP>

Password spray (many users, one password):

hydra -L users.txt -p 'SuperS3cure1337#' ftp://<IP>

Pro Tips

Always test anonymous first — quick win if enabled.
Look for .txt files, config backups, or anything that leaks users.
Don’t skip get on every interesting file.
Password reuse is real — try known creds against FTP too.

Discussion about this post

No posts

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts