DEV Community

Cover image for Fawn | HackTheBox Write-up
shiahalan
shiahalan

Posted on • Updated on

Fawn | HackTheBox Write-up

Introduction

This box has us delve into basic nmap enumeration and ftp connection. We first need to enumerate over the target computer to check for available ports. Upon noticing that there is a service running on port 21 (ftp), we then just need to access the file being shared on the FTP using an anonymous account to capture the flag (flag.txt). This box uses basic commands such as: ping, nmap, ftp, cat, and more...

Enumeration

To start off, we should ping the target computer in order to check whether it is alive or not and responsive. We can do so using the ping command (ICMP echo test):

Image description

As we can see, since we are getting a response back from the target, it is indeed alive.

Next, we will enumerate the target for any open/closed ports using an nmap (network mapper) scan on the target. We are going to use the basic flag -sV in order to check for versions of services on the target, as well as host information.

Image description

From the nmap scan we can see that port 21 is open, with service ftp (file transfer protocol). It is running version vsftpd 3.0.3.

We can also see host information. For example, the host is running on the OS (operating system) Unix.

FTP (File Transfer Protocol)

In order to use the FTP being hosted on the target computer, we simply need to use the ftp command to connect to the service. We can do so in the following format: ftp username@targetIP. To login to an account on ftp without a password, you can use the username anonymous. The following command would then look like ftp anonymous@targetIP.

Doing this with our target IP will yield:

Image description

P.S. when you are prompted for a password, to use no password just press enter again for the password prompt...

Using the ls command while in the ftp, we can list the available files.

Image description

We see one of the files listed available is flag.txt!

In order to download that file, we use the get command plus the file name (get example.txt).

Image description

As you can see, we have downloaded the flag.txt file which contains our flag.

In order to view it, simply use the exit command to exit ftp, and then use the cat command plus the filename in order to read the contents of the file.

Image description

The flag has been successfully captured!

Various Questions

What does the 3-letter acronym FTP stand for?
File Transfer Protocol

Which port does the FTP service listen on usually?
21

What acronym is used for the secure version of FTP?
SFTP

What is the command we can use to send an ICMP echo request to test our connection to the target?
ping

From your scans, what version is FTP running on the target?
vsftpd 3.0.3

From your scans, what OS type is running on the target?
Unix

What is the command we need to run in order to display the 'ftp' client help menu?
ftp -h

What is username that is used over FTP when you want to log in without having an account?
anonymous

What is the response code we get for the FTP message 'Login successful'?
230

There are a couple of commands we can use to list the files and directories available on the FTP server. One is dir. What is the other that is a common way to list files on a Linux system.
ls

What is the command used to download the file we found on the FTP server?
get

Submit root flag
Try it yourself :)

Top comments (0)