
How does FTP Bounce work

Çağlar Arlı      -    6 Views


I am currently doing a project on FTP bounce and after reading up, I still do not really get how it works/can work. Appreciate if I can receive enlightenment from the experts here.

I understand that the FTP bounce vulnerability allows an attacker to send commands to an FTP server through another intermediate server that they have access to.

However, what I do not understand is:

  1. Using the nmap commands on https://book.hacktricks.xyz/network-services-pentesting/pentesting-ftp/ftp-bounce-attack, what do I seek to observe (e.g. services running on loopback on the intermediate server? services running on the victim server?)

     1a. Expanding on the question above, what if I do not have the IP address of the victim server, what use is the FTP bounce then?

  2. Can you use the FTP bounce vulnerability to transfer files or execute commands on the victim server or intermediate server?

Sorry if the questions are stupid. I may be lacking in my foundational knowledge of FTP bounce and am not getting the information I need via the internet. My eventual goal is to know the attack vectors (directory traversal, remote command execution, etc.) that are made available to attackers who discover the FTP bounce vulnerability.

Any references to material are very very welcome!