Ports 20-21 Flashcards
Learn the Ports, the Threats and the Mitigations
Port 20 - 21. What is it and what’s it used for?
File Transfer Protocol
An FTP server runs on a computer to provide basic, unencrypted file transfer capability for connecting users. It is most commonly used for anonymous FTP, basically providing public files to anyone.
FTP uses cleartext passwords for authentication.
What attacks is port 20-21 vulnerable to and why?
1 - Sniffing Attacks
Password sniffing attacks, which collect user names and passwords from the network, were already common in the mid-1990s. The FTP protocol has been largely replaced by SFTP (Secure File Transfer Protocol) and SSH (Secure Shell). Today, FTP should only be used in extreme legacy systems and for public access anonymous FTP. Even for anonymous public access, HTTPS and web servers have largely replaced FTP.
2 - Man in the Middle Attacks
Since FTP is unencrypted, man-in-the-middle attacks can and have been used to inject malware into software downloaded using FTP.
How do you gain access to Anonymous Login on Port 20-21? What tools are used?
Blueprint for Anonymous Hacking FTP Server
1. nmap -p21 (nmap will show open STATE for port 21)
Now that you know it’s open, try to log in anonymously:
2. Open Metasploit (MSF) on Kali
3. use auxiliary/scanner/ftp/anonymous
4. msf auxiliary(anonymous) > set rhosts 192.168.0.106
5. msf auxiliary(anonymous) > exploit
If it returns READ, connect a client to the FTP server through WinSCP.
Now let’s check whether we can connect to the FTP server as an anonymous user or not.
On the login page of WinSCP, set/type the following:
6. Protocol to: FTP
7. Encryption To: No Encryption
8. Host name: IP of the FTP Server
9. Port: 21
10. Username and Password: anonymous: anonymous.
Click on login
Tools Used
1. nmap (Cmd line tool Kali) (to conduct the initial scan on port 21, use the parameter -p to only scan port 21). Alternative tools could include Zenmap, Angry IP Scanner, WinMTR.
2. Metasploit (msf) (Cmd line tool Kali) - use exploit module to establish if we can log in as Anonymous. Alternative tools could include Nessus, Social-Engineer Toolkit, Exploit Pack, Immunity CANVAS.
3. WinSCP (GUI) to log on to the FTP server and view the files. Alternative tools could include Cyberduck, Forklift for the Mac, ... Transmit, muCommander, CarotDAV.
How do you Enumerate FTP Banner on Port 20-21?
An attacker always performs enumeration to find important information such as the software version, which is known as Banner Grabbing, and then identifies its state of vulnerability against any exploit.
(Remember, in MSF RHOSTS sets the target address and RPORT sets the target port. Auxiliary is a one-off task such as scanning, DoS or fuzzing. Exploit launches the attack with the parameters you set before typing exploit.)
Load Metasploit framework (Kali cmd line); now type the following commands to scan for the FTP version.
use auxiliary/scanner/ftp/ftp_version
msf auxiliary(ftp_version) > set rhosts 192.168.0.106
msf auxiliary(ftp_version) > exploit
This will return the version type of the FTP server being used so you know what to attack and how.
Alternative tools for Banner Grabbing: netcat, Python, nmap
FTP Sniffing and Brute Force Attack
Use Wireshark to sniff and capture TCP packets. From there you can identify plain text login credentials.
(Parameters for Hydra:
-v / -V: verbose mode / show login+pass combination for each attempt.
-l LOGIN or -L FILE: login with LOGIN name, or load several logins from FILE.
-p PASS or -P FILE: try password PASS, or load several passwords from FILE.
-t TASKS: run TASKS number of connects in parallel (default: 16).)
To brute force use Hydra.
1. Load Hydra in Kali cmd
Once loaded, set the parameters
2. hydra -V -l root -P (set filepath for the wordlist you want to use for brute force) -t 60 (run 60 connection tasks in parallel) ftp
If successful, Hydra will highlight in red the successful login details.
Alternative tools to Hydra: hashcat, Patator, acccheck
What can you do once you have gained access to an FTP server?
Once an attacker has gained access to an FTP server they can:
- View files and folders in the FTP Database
- Upload malware (Trojan, Bots etc)
How to protect an FTP server.
- Hide Banners
- Turn off Anonymous Login
- Use an SSL certificate to change login credentials to ciphertext. Although this can still be captured, it is harder to read.
- Set threshold account lockout rule to prevent brute force attempts.
- Allow only specific IP addresses to connect.
- Use FTP port forwarding so that when port 21 is scanned it shows as closed.