csictf 2020

CTF Writeup - https://ctftime.org/event/1081

Home csictf 2020 Writeups Home
22 July 2020

HTB 0x01

by vishalananth

I forgot my ‘flag.txt’ file on the server…

Server is at 34.93.37.238.

Solution

I ran a detailed nmap scan on the given IP using:

nmap -vvv -Pn -A 34.93.37.238

5001/tcp  open   ftp              syn-ack      vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_Can't get directory listing: PASV IP 10.160.0.2 is not the same as 34.93.37.238
| ftp-syst: 
|   STAT: 
| FTP server status:
|      Connected to ::ffff:49.207.139.203
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      At session startup, client count was 4
|      vsFTPd 3.0.3 - secure, fast, stable
|_End of status

There is an open TCP port - 5001 which accepts FTP connections. So I tried to open a FTP connection using:

ftp 34.93.37.238 5001

But somehow I was not able to run any command as it was not able to enter passive mode. So I downloaded ncftp FTP client and ran

ncftp -P 5001 34.93.37.238

It worked and I was able to get the flag using

cat pub/flag.txt

Flag

csictf{4n0nym0u5_ftp_l0g1n}
tags: Linux