Crocodile

Target Information:

  • IP: 10.129.198.37
  • Port 21: Anonymous FTP login allowed
    • vsFTPd 3.0.3
  • Port 80: Smash - Bootstrap Business Template
    • Apache httpd 2.4.41 ((Ubuntu))

===============================================

Task #1: What nmap scanning switch employs the use of default scripts during a scan?

  • A: -sC
  • nmap 10.129.198.37 -sC

Task #2: What service version is found to be running on port 21?

  • A: vsFTPd 3.0.3

Task #3: What FTP code is returned to us for the "Anonymous FTP login allowed" message?

  • A: 230
  • ftp 10.129.198.37
    • anonymous

Task #4: What command can we use to download the files we find on the FTP server?

  • A: get

Task #5: What is one of the higher-privilege sounding usernames in the list we retrieved?

  • A: admin
  • ls
  • get allowed.userlist
  • get allowed.userlist.passwd
  • RETRIEVED USERS:
    • aron:root
    • pwnmeow:Supersecretpassword1
    • egotisticalsw:@BaASD&9032123sADS
    • admin:rKXM59ESxesUFHAd
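
A defender-side check for the exposure that Tasks #3 to #5 rely on, added here as an example and not part of the original notes: it parses vsftpd.conf text and flags anonymous login plus account-looking files under the anonymous root. The sample config, the directory contents, the filename heuristic and the function names are constructed assumptions.

```python
import os
import tempfile

# vsftpd's built-in default is anonymous_enable=YES; a config that omits it still allows it.
DEFAULTS = {"anonymous_enable": "YES", "anon_upload_enable": "NO"}
# Filename substrings suggesting account data (heuristic chosen for this example).
SUSPICIOUS = ("passwd", "userlist", "shadow", "cred", ".key")

def parse_vsftpd_conf(text):
    """Return option -> value from vsftpd.conf text (lines of the form option=value)."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts

def audit(conf_text, anon_root):
    """List findings: anonymous access enabled and sensitive-looking files it exposes."""
    opts = parse_vsftpd_conf(conf_text)
    if opts["anonymous_enable"].upper() != "YES":
        return []
    findings = ["anonymous_enable=YES: anyone can log in (FTP reply 230)"]
    if opts["anon_upload_enable"].upper() == "YES":
        findings.append("anon_upload_enable=YES: anonymous users can upload")
    exposed = []
    for dirpath, _dirs, files in os.walk(anon_root):
        for name in files:
            if any(s in name.lower() for s in SUSPICIOUS):
                rel = os.path.relpath(os.path.join(dirpath, name), anon_root)
                exposed.append(f"exposed file: {rel}")
    return findings + sorted(exposed)

def demo():
    """Run the audit on a constructed config and directory mirroring these notes."""
    conf = "# constructed sample\nlisten=YES\nanonymous_enable=YES\nlocal_enable=YES\n"
    with tempfile.TemporaryDirectory() as root:
        for name in ("allowed.userlist", "allowed.userlist.passwd", "README.txt"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("constructed\n")
        return audit(conf, root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
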

Task #6: What version of Apache HTTP Server is running on the target host?

  • A: 2.4.41
  • nmap 10.129.198.37 -sC -sV

Task #7: What is the name of a handy web site analysis plug-in we can install in our browser?

  • A: Wappalyzer

Task #8: What switch can we use with gobuster to specify we are looking for specific filetypes?

  • A: -x
  • gobuster dir --url 10.129.198.37 --wordlist common.txt

Task #9: What file have we found that can provide us a foothold on the target?

  • A: login.php
  • The dashboard directory leads to this page

Submit root flag: c7110277ac44d78b6a9fff2232434d16

  • Username: admin
  • Password: rKXM59ESxesUFHAd