# FTP \[21]
Introduction
1. On of the oldest protocols
2. Operates on the application layer of the OSI model, alongside http and pop
3. TFTP - Trivial File Transfer Protoco l
1. Less secure than FTP as it does not feature authentication
4. FTP can be vulnerable as it transmit data in cleartext and can probably be sniffed
## VsftPD - Default Linux FTP Server
Default FTP on Linux (vsftpd)
One of the most used FTP servers on Linux-based distributions is [vsFTPd](https://security.appspot.com/vsftpd.html). The default configuration of vsFTPd can be found in `/etc/vsftpd.conf`
1. You can install it on Linux with the following
```bash
z3tssu@htb[/htb]$ sudo apt install vsftpd
```
Configuration File
```bash
z3tssu@htb[/htb]$ cat /etc/vsftpd.conf | grep -v "#"
```
FTP Users
```bash
z3tssu@htb[/htb]$ cat /etc/ftpusers
guest
john
kevin
```
In addition, there is a file called `/etc/ftpusers` that we also need to pay attention to, as this file is used to deny certain users access to the FTP service. In the following example, the users `guest`, `john`, and `kevin` are not permitted to log in to the FTP service, even if they exist on the Linux system
Dangerous Settings
There are many different security-related settings we can make on each FTP server. These can have various purposes, such as testing connections through the firewalls, testing routes, and authentication mechanisms. One of these authentication mechanisms is the `anonymous` user. This is often used to allow everyone on the internal network to share files and data without accessing each other's computers. With vsFTPd, the [optional settings](http://vsftpd.beasts.org/vsftpd_conf.html) that can be added to the configuration file for the anonymous login look like this:
