type
status
date
slug
summary
tags
category
icon
password
Catagory
Materials
Retired
Retired
Due date
Jan 16, 2024 05:33 AM
Status
Belong in
Progress
Task1:What Nmap scanning switch employs the use of default scripts during a scan?
-sC
Task2:What service version is found to be running on port 21?
vsftpd 3.0.3
Task3:What FTP code is returned to us for the "Anonymous FTP login allowed" message?
230
Task4:After connecting to the FTP server using the ftp client, what username do we provide when prompted to log in anonymously?
Anonymous
Task5:After connecting to the FTP server anonymously, what command can we use to download the files we find on the FTP server?
get
Task6:What is one of the higher-privilege sounding usernames in 'allowed.userlist' that we download from the FTP server?
admin
Task7:What version of Apache HTTP Server is running on the target host?
Apache httpd 2.4.41
Task8:What switch can we use with Gobuster to specify we are looking for specific filetypes?
-x
Task9:Which PHP file can we identify with directory brute force that will provide the opportunity to authenticate to the web service?
login.php
Sumit Flag
使用前面從ftp上取得的 allowed.userlist、allowed.userlist.passwd 來暴力破解
登入成功
Reference
- 作者:ji3g4gp
- 連結:https://gpblog.vercel.app//article/HTB-Crocodile
- 著作權:本文採用 CC BY-NC-SA 4.0 許可協議,轉載請註明出處。