Academy: Attacking Common Services | Attacking FTP

Did anybody manage to crack the FTP credentials?

The exercise says: “Use the discovered username with its password to login via SSH and obtain the flag.txt file. Submit the contents as your answer.”

I have found the user (r…), and I tried to crack the FTP credentials using several wordlists, with no success. I even tried to crack SSH and SMB, no success.

Can somebody give me a nudge?

1 Like

Why would you even need the credentials?

@kruemel You don’t have to crack the credentials. You can connect to the server anonymously.

I guess we’re talking about different servers. I am in the section “Attacking FTP”. The FTP port is 2…/tcp, and the FTP user is “r…”. The exercise question is “Use the discovered username with its password to login via SSH and obtain the flag.txt file. Submit the contents as your answer.”. And I cannot FTP into the machine as “anonymous”. Any idea?

I have the problem that FTP won’t even show up in my nmap scan.

Same for me:

└─$ ftp -P 2… anonymous@
ftp: Can’t connect to': Connection refused ftp: Can't connect to…’

FTP service doesn’t come up any more.

Did you try this command “nmap -sC -sV ”?
It worked for me. If it does not work for you just restart the target machine

I feel kinda stupid here. Can’t even find the ftp port. Got the username using smb, which seems odd for this specifik part of the module. Anyone?

Nevermind. Got it! It is ridiculous that you need to restart the box a couple of times for the service to be up :neutral_face:


Check resources for username and pwd list

Guys, i cant find FTP port , can u help me ? :wink:
i tryied nmap TCp, UDP, --source-port 53 and a lot of more options - still nothing.

@Creedmoore @Drixxion

Which open ports did you find?

22 / 53 / 139 / 445

Now, this machine is a bit sleaky. Spawn the target. Wait some minutes for the FTP service to start. You will find it on a non-standard port. Eventually, do the scan with -T 4 to slow it down. And you will find it. Let me know if you can go on.

still nothing - maybe exist special, magic nmap command ? :stuck_out_tongue: if not i cant do nothing with this stubborn machine ( next path on the same IP: SMB done :slight_smile: )

I just spawned the target and was able to connect to 2121/tcp.

Nmap totaly ignored this port… After your hint i spawned machine - 2121 CLOSED.
I tryied again and again and finally OPEN :slight_smile: thanks ! Now hydra and i’m in home

Ok I’m having problems with this one. Find the ftp open port ok that’s no problem, so made some hydra with the user and password list resource from this module and for some reason hydra brought me the user jason and his password… not the one with r*** from this cap… So tried again and again and sometimes hydra didn’t find anything… so I’m going crazy right now haha… Maybe somebody help me with this one

Did you connect to the service anonymously?

Nope hahaha my bad, just confuse, already access with anonymous and finish this with the list. Thanks for your help :slight_smile: