Fawn

Difficulty: ♦

Tags: FTP | Network | Protocols | Reconnaissance | Anonymous/Guest Access

Description: Another 5-minute box. This box allows guest access via the Anonymous user, exposing files that were not given the appropriate permissions.

TASK 1

What does the 3-letter acronym FTP stand for?

  • File Transfer Protocol

TASK 2

Which port does the FTP service listen on usually?

  • 21

TASK 3

What acronym is used for the secure version of FTP?

  • SFTP

TASK 4

What is the command we can use to send an ICMP echo request to test our connection to the target?

  • Ping

TASK 5

From your scans, what version is FTP running on the target?

  • vsftpd 3.0.3

Nmap command:

nmap -A <Target.Machine.IP>

OR

nmap -sV <Target.Machine.IP>

Out in the wild, you may want to choose the second option, as the -A option creates too much noise.

TASK 6

From your scans, what OS type is running on the target?

  • Unix

TASK 7

What is the command we need to run in order to display the ‘ftp’ client help menu?

  • ftp -h

TASK 8

What is the username that is used over FTP when you want to log in without having an account?

  • Anonymous

Command: ftp <Target.Machine.IP>

User: Anonymous

Password: {anything you want, does not matter} or <Enter>

Anonymous does not require a password. It is important that we disable Anonymous Authentication.
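One way to check that Anonymous Authentication is actually disabled on a vsftpd server you administer, as an added example that is not part of the original walkthrough: the script audits the text of a vsftpd.conf and reports the effective anonymous-access settings. The option names and built-in defaults follow the vsftpd.conf man page; SAMPLE_CONF is a constructed sample, and parse_conf and audit are hypothetical helper names.

```python
# Added example: audit vsftpd.conf text for anonymous-access settings.
# Built-in defaults follow the vsftpd.conf man page. Note that
# anonymous_enable defaults to YES, so a commented-out line leaves it on.

TRUE_VALUES = {"YES", "TRUE", "1"}

# option -> (enabled by default?, why it matters)
CHECKS = {
    "anonymous_enable": (True, "anonymous/ftp logins are accepted"),
    "no_anon_password": (False, "anonymous login skips the password prompt"),
    "anon_upload_enable": (False, "anonymous users may upload files"),
    "anon_mkdir_write_enable": (False, "anonymous users may create directories"),
    "anon_other_write_enable": (False, "anonymous users may delete or rename"),
}

# Constructed sample configuration, not taken from the target machine.
SAMPLE_CONF = """\
listen=YES
#anonymous_enable=NO
local_enable=YES
anon_upload_enable=YES
write_enable=YES
"""

def parse_conf(text):
    """Return {option: VALUE}, skipping blank lines and '#' comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value.upper()
    return opts

def audit(text):
    """Return (option, source, reason) for each enabled anonymous setting."""
    opts = parse_conf(text)
    findings = []
    for name, (default_on, reason) in CHECKS.items():
        enabled = opts[name] in TRUE_VALUES if name in opts else default_on
        if name == "anonymous_enable" and not enabled:
            return []  # the anon_* options only affect anonymous sessions
        if enabled:
            source = "explicit" if name in opts else "default"
            findings.append((name, source, reason))
    return findings

if __name__ == "__main__":
    for name, source, reason in audit(SAMPLE_CONF):
        print(f"[!] {name} enabled ({source}): {reason}")
```

An empty result means anonymous logins are off; a "default" source means the option is missing from the file and vsftpd falls back to its built-in value.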

TASK 9

What is the response code we get for the FTP message ‘Login successful’?

  • 230

TASK 10

There are a couple of commands we can use to list the files and directories available on the FTP server. One is dir. What is the other that is a common way to list files on a Linux system.

  • ls

TASK 11

What is the command used to download the file we found on the FTP server?

  • Get

SUBMIT FLAG

Submit root flag

  • 035db21c881520061c53e0536e44f815