HTB 0x01
by vishalananth
I forgot my ‘flag.txt’ file on the server…
Server is at 34.93.37.238.
Solution
I ran a detailed nmap scan on the given IP using:
nmap -vvv -Pn -A 34.93.37.238
5001/tcp open ftp syn-ack vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_Can't get directory listing: PASV IP 10.160.0.2 is not the same as 34.93.37.238
| ftp-syst:
| STAT:
| FTP server status:
| Connected to ::ffff:49.207.139.203
| Logged in as ftp
| TYPE: ASCII
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| Data connections will be plain text
| At session startup, client count was 4
| vsFTPd 3.0.3 - secure, fast, stable
|_End of status
There is an open TCP port - 5001 which accepts FTP connections. So I tried to open a FTP connection using:
ftp 34.93.37.238 5001
But somehow I was not able to run any command as it was not able to enter passive mode. So I downloaded ncftp FTP client and ran
ncftp -P 5001 34.93.37.238
It worked and I was able to get the flag using
cat pub/flag.txt
Flag
csictf{4n0nym0u5_ftp_l0g1n}