Fawn - Hack The Box - トビアス・F

Introduction#

In this walkthrough, we’ll use Nmap for port scanning to identify open ports and services, focusing on FTP on port 21. We’ll enumerate the FTP service, exploit anonymous login, and download the flag.

Platform: Hack The Box
Level: Very Easy

Enumeration#

target: 10.129.97.198

First, we use the command ping -c 1 10.129.97.198 to check connectivity.

Fawn hackthebox yw4rf

Since we are connected, we begin with the Port scanning using the Nmap tool, hoping to find open ports and running services:

Fawn hackthebox yw4rf

As you may notice, at the end of the Nmap command, I wrote -oG fawn-scan, which saves the scan results in “grepable” format (grepable output). This format is simpler and more compact than the standard output, allowing us to easily extract specific information. Here, we run it using the cat command. We can see that the status is “Up” along with information about the ports and their versions.

Fawn hackthebox yw4rf 21/open/tcp//ftp/vsftpd 3.0.3/ We can conclude that the only open port is 21, which runs the FTP protocol, and its version is vsftpd 3.0.3.

FTP Enumeration#

To gather more information about port 21, we’ll perform a scan specifically on this port using the Nmap flag -sCV. Fawn hackthebox yw4rf We see that it says ftp-anon: Anonymous FTP login allowed, there is a file named flag.txt, and we are on a UNIX operating system.

Anonymous FTP: This is a method that allows entry into an FTP server without needing to authenticate with an account and password. Users connect to the server using the username "anonymous" (or "ftp" in some cases) and any password.

We connect to the FTP server using the FTP client on the target. For the username, we use Anonymous, and for the password, in this case, nothing (press enter). We successfully connect to the target FTP server.

Fawn hackthebox yw4rf