Writeups from challenges and CTFs i take part in.
This Starting Point machine revolves entirely around FTP, a protocol designed for sharing files across a network.
What does the 3-letter acronym FTP stand for?
As we said, we are talking about
File Transfer Protocol
Which port does the FTP service listen on usually?
This protocol usually runs on port
21
FTP sends data in the clear, without any encryption. What acronym is used for a later protocol designed to provide similar functionality to FTP but securely, as an extension of the SSH protocol?
Most of the time, secure versions of protocols only add a final s to the original acronym. This is also true this time.
FTPS
What is the command we can use to send an ICMP echo request to test our connection to the target?
Just like we did in Meow, one of the ways to test our connection to another machine is through the
ping
command.
From your scans, what version is FTP running on the target?
nmap target-id-here -sV (-sV means “service version”) will return
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
Service Info: OS: Unix
this means that the ftp version is
vsftpd 3.0.3
From your scans, what OS type is running on the target?
Again, from our last scan, the machine is running
Unix
What is the command we need to run in order to display the ‘ftp’ client help menu?
Most programs will need something like -h or --help, but client applications, such as ftp, need -?, so
ftp -?
What is username that is used over FTP when you want to log in without having an account?
Opposite to what we did in Meow, there are no default credentials to try other than the standard one:
anonymous
What is the response code we get for the FTP message ‘Login successful’?
ftp login syntax is simply ftp anonymous@target-ip-here (port if not default 21). This will return
220 (vsFTPd 3.0.3)
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
we are now logged in and the success code is
230
There are a couple of commands we can use to list the files and directories available on the FTP server. One is dir. What is the other that is a common way to list files on a Linux system.
Just like we did in Meow,
ls
will list files and directories from the specifued directory (., the current directory, as default)
What is the command used to download the file we found on the FTP server?
To download a file from ftp we’ll need
get
Submit root flag
ls will show:
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 32 Jun 04 2021 flag.txt
226 Directory send OK.
we can donload flag.txt to our machine with get flag.txt
ftp> get flag.txt
local: flag.txt remote: flag.txt
229 Entering Extended Passive Mode (|||20834|)
150 Opening BINARY mode data connection for flag.txt (32 bytes).
100% |**********************************************************************************************************************************************************************************************| 32 512.29 KiB/s 00:00 ETA
226 Transfer complete.
32 bytes received in 00:00 (0.74 KiB/s)
now we can exit ftp with quit and read flag.txt just like we did in Meow with cat flag.txt. This will return:
035db21c881520061c53e0536e44f815