Machine difficulty: Very Easy
Setting up the environment
Refer to the blog on the machine MEOW to configure and connect to the HTB VPN.
Cracking FAWN
STEP 1: Launch the machine
In order to use the machine, we must first launch an instance of it. However, connecting to the VPN is necessary before the machine can be spawned. If you're unsure where to begin, take a look at my Meow walkthrough, where I already covered this topic. You will be granted an IP address once you have joined and created a machine.
STEP 2: Check its status
We can use the ping tool to test if the machine responds to our ICMP messages in order to verify that we can interact with it. You may do this from the terminal by entering ping followed by the device's IP address as shown in the image above.
STEP 3: Enumeration
When the target responds successfully, we know that a connection has been made and is working. We can now proceed to the next stage, which entails examining the open ports on the target to determine which services are currently active on them. The following command will be used to launch the scanning process using Nmap.
The Network Mapper, or Nmap, sends probes to the target's ports and uses the responses to ascertain whether or not each port is open. Certain ports are used by specific services by default. Because a service might not be running on its standard port, we will use the service detection flag -sV to determine the name and description of the recognized services.
Enter the nmap command as shown in the image above. The scan returns the open port and the service running on it, i.e. 21/TCP running FTP.
STEP 4: Gaining access
The FTP, or File Transfer Protocol, service lets you send files between a client and a server. There are several clients available, including ones with graphical and terminal interfaces. The anonymous login option is one FTP misconfiguration that can be exploited. With anonymous login enabled, you don't need to know an existing user's username or password. Simply enter Anonymous as your name and provide anything as the password. If the FTP server supports anonymous logins, you will have access to the files on it.
As we observe in the above image, the login succeeds and we now have access to the FTP service.
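For the server side of this misconfiguration, the following added example (not part of the original walkthrough) audits a vsftpd.conf for the settings that permit anonymous login. The option names and defaults are those documented in the vsftpd.conf man page; both sample configurations are constructed.

```python
# Added example: audit vsftpd.conf text for anonymous-access settings.
# Defaults below are the documented values used when an option is absent.
DEFAULTS = {
    "anonymous_enable": "YES",
    "no_anon_password": "NO",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
}

# Constructed sample configurations (not taken from the target machine).
WEAK_CONF = "listen=YES\nanonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"
HARDENED_CONF = "# anonymous access disabled\nlisten=YES\nanonymous_enable=NO\nlocal_enable=YES\n"


def parse_vsftpd_conf(text):
    """Return effective settings: defaults overridden by option=value lines."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def is_on(settings, key):
    """vsftpd accepts YES, TRUE or 1 (any case) as a true boolean."""
    return settings[key].upper() in ("YES", "TRUE", "1")


def audit(text):
    """Return a list of findings about anonymous FTP access."""
    s = parse_vsftpd_conf(text)
    if not is_on(s, "anonymous_enable"):
        return []
    findings = ["anonymous_enable is on: 'anonymous' and 'ftp' can log in"]
    if is_on(s, "no_anon_password"):
        findings.append("no_anon_password is on: no password prompt at all")
    if is_on(s, "write_enable"):  # anonymous writes also need write_enable
        for key in ("anon_upload_enable", "anon_mkdir_write_enable"):
            if is_on(s, key):
                findings.append(f"{key} is on: anonymous users can write")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no anonymous access")
```

An empty or minimal configuration is also flagged, because anonymous_enable defaults to YES when the option is not set.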
STEP 5: Capturing the flag
Let's use the dir command to display the directories present on the server.
The flags.txt file is the flag required for us to complete pwning the system. The get command downloads files from the server, so we can use it to download the flag. Once downloaded, copy the flag and enter it in the portal on HTB. Congrats! You have successfully pwned FAWN.
ANSWER KEYS:
1. What does the 3-letter acronym FTP stand for?
A. File Transfer Protocol
2. Which port does the FTP service listen on usually?
A. 21 TCP
3. What acronym is used for the secure version of FTP?
A. SFTP
4. What is the command we can use to send an ICMP echo request to test our connection to the target?
A. Ping
5. From your scans, what version is FTP running on the target?
A. vsftpd 3.0.3
6. From your scans, what OS type is running on the target?
A. Unix
7. What is the command we need to run in order to display the 'ftp' client help menu?
A. ftp -h
8. What is the username that is used over FTP when you want to log in without having an account?
A. Anonymous