Academy: Attacking Common Services | Attacking FTP

As anonymous should we be able to download both files? I can only download one.

Im stuck in here as well.... Did you manage to solve it...I cant get the password and can`t sign in anonymously to any service…

Hello… how were you “confused” hahaha Ive been stuck for a while in this one... cant get anything from hydra…

Hi, login to FTP anonymously and the files you’ll find in FTP will do the rest.

Hello! Thanks for the reply, I was login incorrectly throught FTP… I got it now :slight_smile: :slight_smile: Thanks!

1 Like

I can’t even find the port… please help only 22,53,139,445…

sudo nmap -sC -sV -T5 -Pn -v -p-

Hey did you find the FTP port?

i can’t but the answer is 2121 i believe there’s an issue with the box

Yeah, I’ve spawned the target machine like 10 times now.

So , here’s the road so far on attacking common services - FTP.

Hard as ■■■■ to find the port, found it after several reboots of the box.
Used hydra on FTP with the lists provided, found a matching ID/pwd after several attempts.
The ID i found isnt the right one (doesnt validate the second question).
I cant log on SSH with this credential.
Guessed the right login after lurking on the forums.
I attacked the FTP & SSH services with the “right” login and the password list provided, nothing so far.

BTW, cant even log anonymously, nmap states “port 2121/tcp closed”

What am i doing wrong ?

The creds i found are for the next task - smb - but cant get a SSH logon with them ( Error: Permission denied (publickey)).
The plot thickens…

anonymous login is working… you need to restart the machine a couple of times… BTW i am stuck at R**** user’s password… bruteforcing is not working

Found port but cant use annnounymous to authenticate…even restarts did not help… did I miss something?

i will give you a hint:

  • sometimes you don’t need to login, what you need to do is just download all the files available through FTP using wget command.

THanks for the HINT. Actually for those who are stuck in the same question. My advise is :" The file in the ftp are different from the files given in the resources link… :slight_smile: "

Many thanks for your hint. I really had to respawn the target around 4-5 times until the port was open… did not have such “issues” in other modules yet… but additional your hint was very good :smiley: thank you

try this wget -m --no-passive ftp://<DEFAULT_CRED>:<DEFAULT_CRED>@< FQDN/IP>:2121 -starttls ftp :face_with_monocle:

It’s unfortunate the lab is still not working properly.

It does work but is flaky and requires patience.

Some suggestions:

  1. Like suggested in the module, wait 2 minutes after the box starts up and then verify that the FTP service is running.
  2. Even if the nmap scan does not report anonymous login, it does not mean you can’t anonymously fetch files from the FTP server. There are plenty of good tips in here about this.
  3. When brute-forcing the FTP to get SSH credentials, try using GitHub - lanjelot/patator: Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage., it is faster than medusa but won’t overwhelm the server like Hydra may.

Best of luck.