
Fawn


Enumeration


As usual, let's start with nmap:

nmap -sV -sC IP

Replace IP with the IP address of the target machine (Fawn).


Note: The IP addresses of the target machines are always changing, so make sure you type the correct one. You can find it on your Hack The Box account.

We can see that port 21 is open on the target machine. Port 21 is associated with FTP (File Transfer Protocol).


Notice the line: ftp-anon: Anonymous FTP login allowed


This means that this FTP server has been misconfigured and we can use the username anonymous to log in! When we are prompted to enter a password for anonymous, we should be able to enter whatever we want, because the server will disregard the password for the anonymous account.


Let's see if that works!


Foothold

ftp 10.129.252.202

Type:

anonymous

and press enter


When prompted to enter a password, type whatever you like and press enter.

We are in!


Let's list the files available in our current directory using:

ls

There is a file called flag.txt. This seems interesting!


Let's use the get command to download this file directly onto our VM:

get flag.txt

Now go to your home directory and you can see flag.txt is there.

Open the file flag.txt

Congratulations! You got the flag!
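
From the defender's side, the session above leaves a recognisable trace on the FTP control channel: USER anonymous answered with a 230 reply, then a RETR that finishes with 226. The following is an added example, not part of the original walkthrough; the transcript is constructed and the function name audit_session is hypothetical.

```python
# Constructed FTP control-channel transcript (not captured from a real host).
# "C" = client command, "S" = server reply; reply codes follow RFC 959.
SAMPLE_SESSION = [
    ("S", "220 FTP server ready"),
    ("C", "USER anonymous"),
    ("S", "331 Please specify the password."),
    ("C", "PASS whatever"),
    ("S", "230 Login successful."),
    ("C", "LIST"),
    ("S", "150 Here comes the directory listing."),
    ("S", "226 Directory send OK."),
    ("C", "RETR flag.txt"),
    ("S", "150 Opening BINARY mode data connection."),
    ("S", "226 Transfer complete."),
    ("C", "QUIT"),
    ("S", "221 Goodbye."),
]

ANON_USERS = {"anonymous", "ftp"}  # account names conventionally used for anonymous FTP


def audit_session(lines):
    """Report whether a session ever logged in anonymously and what it downloaded."""
    user, pending, anon, seen = None, None, False, False
    retrieved = []
    for direction, text in lines:
        if direction == "C":
            verb, _, arg = text.partition(" ")
            pending = (verb.upper(), arg.strip())
            if pending[0] == "USER":      # a new USER restarts authentication
                user, anon = pending[1].lower(), False
            continue
        if pending is None or text[3:4] == "-":
            continue                      # greeting, or non-final line of a multi-line reply
        verb, arg = pending
        code = text[:3]
        if verb in ("USER", "PASS") and code == "230":
            anon = user in ANON_USERS     # 230 = user logged in
            seen = seen or anon
        elif verb == "RETR" and code == "226" and anon:
            retrieved.append(arg)         # 226 = transfer completed
    return {"anonymous_login": seen, "files_retrieved": retrieved}


if __name__ == "__main__":
    print(audit_session(SAMPLE_SESSION))
```

A 530 reply to PASS, or a login under a named account, leaves anonymous_login False, so only sessions that actually got in as anonymous are flagged.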
