PORT 21/tcp - FTP

Introduction

FileZilla Server (From LFI)

FileZilla Server credentials

FileZilla Server credentials are stored on the FileZilla Server.xml file stored in one of the following routes:

C:\Program Files (x86)\FileZilla Server\FileZilla Server.xml
C:\Program Files\FileZilla Server\FileZilla Server.xml
C:\xampp\FileZillaFTP\FileZilla Server.xml

Some times we can found it on plain text (base64) and sometimes encrypted. To decrypt we can use the following tool:

python filezilla-decrypt.py --wordlist /usr/share/wordlists/rockyou.txt

Note: You need to modify password and salt variables of the python script and unescape the salt.

& = &
&lt; = <
&apos; = '
&quot; = "
&gt; = >

# Example
Escaped:        `!U3`CQ;a&amp;3IzbXc/4Wpb\)OZ3TsXP;&apos;Wx#^K&quot;Tu_XX.K&apos;o&lt;&apos;c&amp;A:vItTX-M|Z0Y
Unescaped:      `!U3`CQ;a&3IzbXc/4Wpb\)OZ3TsXP;'Wx#^K"Tu_XX.K'o<'c&A:vItTX-M|Z0Y

GitHub - l4rm4nd/FileZilla-Password-Decryptor: Python script to brute force the clear text password of FileZilla's XML fileGitHub

FileZilla client credentials

FileZilla client save last saved credentials on the following link.

C:\Users\VICTIM\AppData\Roaming\FileZilla\RecentServers.xml