Intro
| Dificulty | OS | Start Date | End Date | |—|—|—|—| | Very Easy | Linux | 17/05/2022 | 17/05/2022 |
Thought process
- View running services with
nmap. - Connect with
ftp(Anonymous User). - List Directories and
getinteresting files. (Usernames+Password File) Dirbust@IP to find if there’s anylogin.php.- Login as “admin”.
Resolution
After checking which ports are open, I make an ftp connection using “anonymous” username.
1
$ ftp @IP
I listed the Directories ls and downloaded the username and password files get. [lcd]: Change directory on your local system.
The web didn’t display any LogIn so I dirbust trying to find any .php
1
$ gobuster dir -u @IP/Domain -w /path/to/wordlist -x php
In the end it found a file called login.php so I typed it in the browser. Once there, I tried with the user “admin” which was in the files.
Others
Users could connect to the FTP server anonymously if the server is configured to allow it, meaning that we could use it even if we had no valid credentials. (nmap shows if it’s possible).