Difficulty: ♦
Tags: FTP | Network | Protocols | Reconnaissance | Anonymous/Guest Access
Description: Another 5-minute box. This box allows guest access via the Anonymous user to access files that were not given the appropriate permissions.
TASK 1
What does the 3-letter acronym FTP stand for?**** ******** *******l
- File Transfer Protocol
TASK 2
Which port does the FTP service listen on usually?**
- 21
TASK 3
What acronym is used for the secure version of FTP?***P
- SFTP
TASK 4
What is the command we can use to send an ICMP echo request to test our connection to the target?***g
- Ping
TASK 5
From your scans, what version is FTP running on the target?****** *.*.3
- vsftpd 3.0.3
Nmap command:
nmap -A <Target.Machine.IP>
OR
nmap -sV <Target.Machine.IP>
out in the wild you may want to choose the second option as the -A option creates to much noise
TASK 6
From your scans, what OS type is running on the target?***x
- Unix
TASK 7
What is the command we need to run in order to display the ‘ftp’ client help menu?*** -h
- ftp -h
TASK 8
What is username that is used over FTP when you want to log in without having an account?********s
- Anonymous
Command: ftp <Target.Machine.IP>
User: Anonymous
Password: {anything you want, does not matter} or <Enter>
Anonymous does not require a password, it is important that we disable Anonymous Authentication.
TASK 9
What is the response code we get for the FTP message ‘Login successful’?***
- 230
TASK 10
There are a couple of commands we can use to list the files and directories available on the FTP server. One is dir. What is the other that is a common way to list files on a Linux system.**
- ls
TASK 11
What is the command used to download the file we found on the FTP server?***
- Get
SUBMIT FLAG
Submit root flag********************************
- 035db21c881520061c53e0536e44f815