Flag 2

Category

Subset of subset of hacking machines challenges

Challenge

Flag 2

We are given a URL - hackit.zh3r0.ml

Solution

Optional: Find IP address of the given domain using ping

Since it is a machine, begin with a full port scan

nmap -T4 -sC -sV -p- hackit.zh3r0.ml

Note: Not sure if I used the right [options], run nmap --help for better understanding and optimisation

This reveals all the open ports and services running on each port. Also notice that the services running are all mixed up.

22/tcp    open     http
25/tcp    filtered smtp
99/tcp    open     ssh
324/tcp   open     ftp
4994/tcp  open     unknown
11211/tcp filtered memcache

• FTP port 324 is allowed anonymous login
  • Use ftp hackit.zh3r0.ml 324 to connect
  • Login with the following credentials

      user      : anonymous
      password  :
    

  • Go into PASSIVE mode using command pass
  • Use ls -la, cd, get to enumerate the hidden files, hidden directories and receive the files onto your machine
  • File .flag contains Flag 2
    Flag 2: zh3r0{You_know_your_shit}