As anonymous should we be able to download both files? I can only download one.
Im stuck in here as well.... Did you manage to solve it...I cant get the password and can`t sign in anonymously to any service…
Hello… how were you “confused” hahaha Ive been stuck for a while in this one... cant get anything from hydra…
Hi, login to FTP anonymously and the files you’ll find in FTP will do the rest.
Hello! Thanks for the reply, I was login incorrectly throught FTP… I got it now 
Thanks!
1 Like
I can’t even find the port… please help only 22,53,139,445…
sudo nmap -sC -sV -T5 -Pn -v 10.129.203.6 -p-
Hey did you find the FTP port?
i can’t but the answer is 2121 i believe there’s an issue with the box
Yeah, I’ve spawned the target machine like 10 times now.
- Scan the target for all ports using -p- option nmap -p- target_ip
- The port for FTP is 2121
- Tried ftp-anon script but nothing came back . I tried to login anonymously but couldn’t get connected . Reset the target 2 times and then could login anonymously .
- Got two files one for username and second for passwords
- hydra -L users.list -P passwords.list ftp://10.129.150.181:2121 used this command for bruteforcing password and username
- Got the match
- Logged in via ssh using the same password and username and got flag.txt
I hope this helps you guys
So , here’s the road so far on attacking common services - FTP.
Hard as ■■■■ to find the port, found it after several reboots of the box.
Used hydra on FTP with the lists provided, found a matching ID/pwd after several attempts.
The ID i found isnt the right one (doesnt validate the second question).
I cant log on SSH with this credential.
Guessed the right login after lurking on the forums.
I attacked the FTP & SSH services with the “right” login and the password list provided, nothing so far.
BTW, cant even log anonymously, nmap states “port 2121/tcp closed”
What am i doing wrong ?
The creds i found are for the next task - smb - but cant get a SSH logon with them ( Error: Permission denied (publickey)).
The plot thickens…
Hello!
I have tried brute forcing the FTP service with provided lists. and was not able to find any valid password for R****. I am using the same command as mentioned by you
anonymous login is working… you need to restart the machine a couple of times… BTW i am stuck at R**** user’s password… bruteforcing is not working
Found port but cant use annnounymous to authenticate…even restarts did not help… did I miss something?
i will give you a hint:
- sometimes you don’t need to login, what you need to do is just download all the files available through FTP using
wgetcommand.
THanks for the HINT. Actually for those who are stuck in the same question. My advise is :" The file in the ftp are different from the files given in the resources link… "
Many thanks for your hint. I really had to respawn the target around 4-5 times until the port was open… did not have such “issues” in other modules yet… but additional your hint was very good 
thank you
try this wget -m --no-passive ftp://<DEFAULT_CRED>:<DEFAULT_CRED>@< FQDN/IP>:2121 -starttls ftp 