Crocodile
Target Information:
- IP: 10.129.198.37
- Port 21: Anonymous FTP login allowed
  - vsFTPd 3.0.3
- Port 80: Smash - Bootstrap Business Template
  - Apache httpd 2.4.41 ((Ubuntu))
===============================================
Task #1: What nmap scanning switch employs the use of default scripts during a scan?
- A: -sC
nmap 10.129.198.37 -sC
Task #2: What service version is found to be running on port 21?
- A: vsFTPd 3.0.3
Task #3: What FTP code is returned to us for the "Anonymous FTP login allowed" message?
- A: 230
ftp 10.129.198.37
- anonymous
Task #4: What command can we use to download the files we find on the FTP server?
- A: get
Task #5: What is one of the higher-privilege sounding usernames in the list we retrieved?
- A: admin
ls
get allowed.userlist
get allowed.userlist.passwd
- RETRIEVED USERS:
  - aron:root
  - pwnmeow:Supersecretpassword1
  - egotisticalsw:@BaASD&9032123sADS
  - admin:rKXM59ESxesUFHAd
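Added example (not part of the original notes): a defender-side check for the exposure found in Tasks #3 to #5, scanning vsftpd log lines for anonymous sessions that downloaded credential-looking files. The sample log lines are constructed, modelled on vsftpd's native log format, and the SENSITIVE file-name pattern is an assumed heuristic.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on vsftpd's native log format
# (xferlog_std_format=NO); addresses, pids and timestamps are made up.
SAMPLE_LOG = """\
Tue Mar  4 10:15:01 2025 [pid 812] CONNECT: Client "10.10.14.23"
Tue Mar  4 10:15:03 2025 [pid 811] [ftp] OK LOGIN: Client "10.10.14.23", anon password "?"
Tue Mar  4 10:15:09 2025 [pid 813] [ftp] OK DOWNLOAD: Client "10.10.14.23", "/allowed.userlist", 33 bytes, 0.41Kbyte/sec
Tue Mar  4 10:15:12 2025 [pid 813] [ftp] OK DOWNLOAD: Client "10.10.14.23", "/allowed.userlist.passwd", 62 bytes, 0.77Kbyte/sec
Tue Mar  4 11:02:40 2025 [pid 990] [deploy] OK LOGIN: Client "10.10.20.5"
Tue Mar  4 11:02:44 2025 [pid 992] [deploy] OK DOWNLOAD: Client "10.10.20.5", "/site/index.html", 5120 bytes, 90.10Kbyte/sec
"""

# One LOGIN or DOWNLOAD event: logged user, client address, optional file path.
EVENT = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]+)\] OK (?P<kind>LOGIN|DOWNLOAD): '
    r'Client "(?P<client>[^"]+)"(?:, "(?P<path>[^"]+)")?'
)
# Assumed heuristic: file names that suggest account or credential material.
SENSITIVE = re.compile(r"(passw|userlist|cred|shadow|htpasswd|id_rsa)", re.I)


def find_anonymous_exposure(log_text):
    """Return {client: [paths]} for sensitive files fetched by anonymous sessions."""
    anon_clients = set()
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # CONNECT lines and anything else we do not track
        is_anon = m["user"] in ("ftp", "anonymous")
        if m["kind"] == "LOGIN" and is_anon and "anon password" in line:
            anon_clients.add(m["client"])
        elif m["kind"] == "DOWNLOAD" and is_anon and m["client"] in anon_clients:
            if SENSITIVE.search(m["path"] or ""):
                hits[m["client"]].append(m["path"])
    return dict(hits)


if __name__ == "__main__":
    for client, paths in find_anonymous_exposure(SAMPLE_LOG).items():
        print(f"ALERT anonymous client {client} downloaded: {', '.join(paths)}")
```

If this fires on a real server, set anonymous_enable=NO in vsftpd.conf and rotate every credential stored in the downloaded files.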
Task #6: What version of Apache HTTP Server is running on the target host?
- A: 2.4.41
nmap 10.129.198.37 -sC -sV
Task #7: What is the name of a handy web site analysis plug-in we can install in our browser?
- A: Wappalyzer
Task #8: What switch can we use with gobuster to specify we are looking for specific filetypes?
- A: -x
gobuster dir --url 10.129.198.37 --wordlist common.txt
Task #9: What file have we found that can provide us a foothold on the target?
- A: login.php
- The dashboard directory leads to this page
Submit root flag: c7110277ac44d78b6a9fff2232434d16
- Username: admin
- Password: rKXM59ESxesUFHAd