top of page

Fawn


Enumeration


As usual, let's start with nmap:

nmap -sV -sC IP

Replace IP by the IP of the target machine (Fawn)


Note: The IP of the target machines are always changing so make sure you type the correct one. You can find it on your Hack The Box account.

We can see that port 21 is open on the target machine. Port 21 is associated with FTP (File Transfer Protocol).


Notice the line : ftp-anon: Anonymous FTP login allowed


This means that this FTP server has been misconfigured and we can use the username anonymous to login! When we are prompted to enter a password for anonymous, we should be able to enter whatever we want because the server will disregard the password for the anonymous account.


Let's see if that works!


Foothold

ftp 10.129.252.202

Type:

anonymous

and press enter


When prompted to enter a password, type whatever you like and press enter.

We are in!


Let's list the files available in our current directory using:

ls

There is a file called flag.txt This seems interesting!


Let's use the get command to download this file directly onto our VM:

get flag.txt

Now go to your home directory and the you can see flag.txt is there.

Open the file flag.txt

Congratulations! You got the flag!

4,401 views4 comments

Recent Posts

See All

4 Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
Christopher M. Burkett
Christopher M. Burkett
Nov 16, 2022


Like

Christopher M. Burkett
Christopher M. Burkett
Nov 16, 2022

if you are stuck, try typing pass into your ftp.

FTP>pass


Like

Joe Bush
Joe Bush
Feb 08, 2022

I get FTP command not found

Like
Christopher M. Burkett
Christopher M. Burkett
Nov 16, 2022
Replying to


Like
bottom of page