FTP is built on a client-server architecture. It uses two connections in parallel: one for command and control (port 21) and a second for data transport (port 20).
Active FTP (default): uses a reverse data channel. An active FTP client opens a listening port on its machine, informs the remote FTP server of the port number, and requests the remote FTP server to connect from its port 20 back to the client's port 21.
Passive FTP: does not use a reverse data channel. It operates like active FTP, except that both the initial control channel (to the server's default port 21) and the data channel (to the server's default port 20) are initiated by the client and accepted by the server. Passive FTP is generally used by web browsers.
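How the data-channel endpoint is announced on the control channel in both modes, with a server-side sanity check of an active-mode PORT command. This is an added example, not part of the original notes. The h1,h2,h3,h4,p1,p2 encoding is the one defined in RFC 959, the rejection rules follow RFC 2577 guidance, and the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as defined in RFC 959 for PORT arguments and 227 replies
_HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def decode_hostport(text):
    """Return (ip, port) from a PORT command or a 227 PASV reply line."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % text)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port is sent as two bytes, high then low
    return ip, port


def check_port_command(line, control_peer_ip):
    """Server-side check of an active-mode PORT command.

    Returns (ok, reason). Rejects a data endpoint that is not the host on the
    control connection, or that is a privileged port (RFC 2577 guidance).
    """
    try:
        ip, port = decode_hostport(line)
    except ValueError as exc:
        return False, str(exc)
    if ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer_ip):
        return False, "data address %s differs from control peer %s" % (ip, control_peer_ip)
    if port < 1024:
        return False, "privileged data port %d" % port
    return True, "data connection to %s:%d" % (ip, port)


if __name__ == "__main__":
    # Constructed control-channel lines, not captured traffic.
    print(decode_hostport("227 Entering Passive Mode (10,0,0,5,19,137)"))
    for cmd in ("PORT 192,168,1,10,195,80", "PORT 192,168,1,99,195,80",
                "PORT 192,168,1,10,0,22"):
        print(cmd, "->", check_port_command(cmd, "192.168.1.10"))
```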
Hydra can be utilized to check FTP services for default credentials.
hydra -s [PORT] -C ./wordlists/ftp-default-userpass.txt -u -f [IP] ftp
Medusa: medusa -h 10.10.10.10 -u user -P passwords.txt -M ftp
Nmap script: ftp-brute
Metasploit: ftp_login
Anonymous FTP is a means by which archive sites allow general access to their archives of information. These sites create a special account called "anonymous". Anonymous FTP logins usually use the username 'anonymous' or 'ftp', with the user's email address as the password. Some servers parse the password to ensure it looks like an email address, so site operators get an idea of who is using the service.
ftp <host>
Name: anonymous
Password: <any string>