Academy: Attacking Common Services | Attacking FTP

estoscar · December 5, 2022, 11:18pm

As anonymous should we be able to download both files? I can only download one.

cmarrod · January 19, 2023, 5:18pm

Im stuck in here as well.... Did you manage to solve it...I cant get the password and can`t sign in anonymously to any service…

cmarrod · January 19, 2023, 5:19pm

Hello… how were you “confused” hahaha Ive been stuck for a while in this one... cant get anything from hydra…

BeriContraster · January 20, 2023, 8:13pm

Hi, login to FTP anonymously and the files you’ll find in FTP will do the rest.

cmarrod · January 23, 2023, 11:04am

Hello! Thanks for the reply, I was login incorrectly throught FTP… I got it now Thanks!

jameskhor · January 31, 2023, 12:44pm

I can’t even find the port… please help only 22,53,139,445…

jameskhor · January 31, 2023, 12:45pm

sudo nmap -sC -sV -T5 -Pn -v 10.129.203.6 -p-

Muchiri750 · February 13, 2023, 12:56pm

Hey did you find the FTP port?

jameskhor · February 13, 2023, 2:02pm

i can’t but the answer is 2121 i believe there’s an issue with the box

Muchiri750 · February 13, 2023, 2:38pm

Yeah, I’ve spawned the target machine like 10 times now.

Zhirself · April 20, 2023, 9:23am

So , here’s the road so far on attacking common services - FTP.

Hard as ■■■■ to find the port, found it after several reboots of the box.
Used hydra on FTP with the lists provided, found a matching ID/pwd after several attempts.
The ID i found isnt the right one (doesnt validate the second question).
I cant log on SSH with this credential.
Guessed the right login after lurking on the forums.
I attacked the FTP & SSH services with the “right” login and the password list provided, nothing so far.

BTW, cant even log anonymously, nmap states “port 2121/tcp closed”

What am i doing wrong ?

Zhirself · April 20, 2023, 9:56am

The creds i found are for the next task - smb - but cant get a SSH logon with them ( Error: Permission denied (publickey)).
The plot thickens…

asifabid · May 10, 2023, 11:41am

anonymous login is working… you need to restart the machine a couple of times… BTW i am stuck at R**** user’s password… bruteforcing is not working

R-b3n · May 11, 2023, 7:32pm

Found port but cant use annnounymous to authenticate…even restarts did not help… did I miss something?

LordOsiris · May 12, 2023, 2:32am

i will give you a hint:

sometimes you don’t need to login, what you need to do is just download all the files available through FTP using wget command.

asifabid · May 12, 2023, 7:00am

THanks for the HINT. Actually for those who are stuck in the same question. My advise is :" The file in the ftp are different from the files given in the resources link… "

R-b3n · May 15, 2023, 1:42pm

Many thanks for your hint. I really had to respawn the target around 4-5 times until the port was open… did not have such “issues” in other modules yet… but additional your hint was very good thank you

Nutthanonn · May 26, 2023, 2:35pm

try this wget -m --no-passive ftp://<DEFAULT_CRED>:<DEFAULT_CRED>@< FQDN/IP>:2121 -starttls ftp

Minashi · July 2, 2023, 11:51pm

It’s unfortunate the lab is still not working properly.

tminusplus · July 18, 2023, 4:12pm

It does work but is flaky and requires patience.

Some suggestions:

Like suggested in the module, wait 2 minutes after the box starts up and then verify that the FTP service is running.
Even if the nmap scan does not report anonymous login, it does not mean you can’t anonymously fetch files from the FTP server. There are plenty of good tips in here about this.
When brute-forcing the FTP to get SSH credentials, try using GitHub - lanjelot/patator: Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage., it is faster than medusa but won’t overwhelm the server like Hydra may.

Best of luck.