I am making these walkthroughs to keep myself motivated to learn cyber security, and ensure that I remember the knowledge gained by HTBs machine.
Join me on learning cyber security. I will try and explain concepts as I go, to differentiate myself from other walkthroughs
Task 1. What is the name of the service is running on TCP port `21` on the target machine?
It’s time to get started. Let’s start up a Pwnbox or if you prefer connect to the machine by using OpenVPN.
As always, to find out the open ports we can use Nmap. Use the following command:nmap -sV -sC -v <target ip>
The argument –sV does version detection, –sC runs some basic scripts, while -v adds some more logging. This should be enough to get started.
You should see two open ports.
We got two open ports: port 21 running a FTP service, and port 80 running HTTP (Hypertext Transfer Protocol). It is the default port used to send and receive unencrypted web pages.
If we visit the web service in the browser, we can see we got IIS 7 running.
We will look more at this later.
The task relates to port 21, and we can observer that it is running Microsoft ftpd, a Windows implementation of a ftp service. Also important, it mentions that the service allows anonymous access. More on this in a moment.
- What is the name of the service is running on TCP port `21` on the target machine?
Answer: Microsoft ftpd
2. Which basic FTP command can be used to upload a single file onto the server?
Let’s move on!
We can try accessing the FTP anonymously:ftp anonymous@10.10.10.5
Just press enter when asked for a password. You will get access. Enter dir to get a list of files on the FTP service.
We see a bunch of files, including some reverse shells, but also some related to the IIS service. Let’s have a look around. Files can be download to your machine by using the get command.
Quick note: A lot of files disappeared from the FTP the following morning when I was writing this article. It seems to be files uploaded by other users. You will probably only see the image file and some IIS related files.
If we have a look at the welcome.png image, it looks like the same image of the web page. Could the files be accessible from the web page we found earlier? Let’s try and visit the welcome.png file in the browser.