______                                  _               
 |  ____|                       /\       | |              
 | |__ _ __ ___  _ __ ___      /  \   ___| |__   ___  ___ 
 |  __| '__/ _ \| '_ ` _ \    / /\ \ / __| '_ \ / _ \/ __|
 | |  | | | (_) | | | | | |  / ____ \\__ \ | | |  __/\__ \
 |_|  |_|  \___/|_| |_| |_| /_/    \_\___/_| |_|\___||___/
 
Fawn


(A video of the walkthrough can be found at the end of the article)

Difficulty – Very Easy

Actions:

1. Start an Nmap scan against the target: sudo nmap $target -sC -sV --stats-every=10s

Results from the NMAP scan:

[Screenshot: nmap scan output]

We can see that port 21 is open for FTP and that anonymous FTP login is allowed, which we will test first.

2. I connected to the FTP service using: ftp anonymous@$target

3. This prompted me for a password, where I just hit the Enter key to log in.

[Screenshot: FTP login screen]

4. I then ran a dir (can also run ls) to list the browsable files:

[Screenshot: running dir in an FTP session from the shell]

5. I found a file called flag.txt which I downloaded using get:

[Screenshot: get command to download a file from FTP]

I then exited the ftp service by typing exit and could then cat flag.txt to get the flag.
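
On the server side, the session above (anonymous login, then get flag.txt) leaves entries in the vsftpd log. The following is an added example, not part of the original walkthrough: it reads log text and reports which clients logged in anonymously and what they downloaded. The sample lines are constructed in vsftpd's native log format, and treating the logged user names ftp and anonymous as the anonymous account is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in vsftpd's native log format (not taken from the page).
SAMPLE_LOG = """\
Tue Mar  1 10:00:01 2022 [pid 2101] CONNECT: Client "203.0.113.5"
Tue Mar  1 10:00:03 2022 [pid 2100] [ftp] OK LOGIN: Client "203.0.113.5", anon password "?"
Tue Mar  1 10:00:09 2022 [pid 2102] [ftp] OK DOWNLOAD: Client "203.0.113.5", "/flag.txt", 32 bytes, 0.31Kbyte/sec
Tue Mar  1 10:05:00 2022 [pid 2201] [alice] OK LOGIN: Client "192.0.2.10"
Tue Mar  1 10:05:04 2022 [pid 2203] [alice] OK DOWNLOAD: Client "192.0.2.10", "/report.pdf", 2048 bytes, 12.00Kbyte/sec
Tue Mar  1 10:07:00 2022 [pid 2301] [bob] FAIL LOGIN: Client "198.51.100.7"
"""

# Assumption: anonymous sessions are logged under one of these user names.
ANON_USERS = {"ftp", "anonymous"}

# [pid N] [user] OK|FAIL ACTION: Client "ip"[, anon password "..."][, "path"]
# CONNECT lines carry no [user] or status field, so they do not match.
LINE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]+)\] (?P<status>OK|FAIL) (?P<action>[A-Z]+): '
    r'Client "(?P<client>[^"]+)"'
    r'(?:, anon password "[^"]*")?'   # absent when no password text was logged
    r'(?:, "(?P<path>[^"]+)")?'       # present on transfer entries
)


def anonymous_activity(log_text):
    """Map client IP -> {"logins": count, "downloads": [paths]} for anonymous sessions."""
    report = defaultdict(lambda: {"logins": 0, "downloads": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        # Skip unparsed lines, named accounts and failed actions.
        if not m or m["user"] not in ANON_USERS or m["status"] != "OK":
            continue
        entry = report[m["client"]]
        if m["action"] == "LOGIN":
            entry["logins"] += 1
        elif m["action"] == "DOWNLOAD" and m["path"]:
            entry["downloads"].append(m["path"])
    return dict(report)


if __name__ == "__main__":
    for client, seen in anonymous_activity(SAMPLE_LOG).items():
        print(f"{client}: {seen['logins']} anonymous login(s), downloads={seen['downloads']}")
```

On a server that does not need anonymous access, setting anonymous_enable=NO in vsftpd.conf closes this login path.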

Box Tasks and answers:

Task 1

What does the 3-letter acronym FTP stand for? File Transfer Protocol

Task 2

Which port does the FTP service listen on usually? 21

Task 3

FTP sends data in the clear, without any encryption. What acronym is used for a later protocol designed to provide similar functionality to FTP but securely, as an extension of the SSH protocol? SFTP

Task 4

What is the command we can use to send an ICMP echo request to test our connection to the target? ping

Task 5

From your scans, what version is FTP running on the target? vsftpd 3.0.3

Task 6

From your scans, what OS type is running on the target? Unix

Task 7

What is the command we need to run in order to display the ‘ftp’ client help menu? ftp -?

Task 8

What is the username that is used over FTP when you want to log in without having an account? anonymous

Task 9

What is the response code we get for the FTP message ‘Login successful’? 230

Task 10

There are a couple of commands we can use to list the files and directories available on the FTP server. One is dir. What is the other that is a common way to list files on a Linux system? ls

Task 11

What is the command used to download the file we found on the FTP server? get