Attacking Common Services - Medium

I’ve been trying to figure this one out for ~2 weeks.

  • I tried brute forcing SSH and FTP.
  • I tried enumerating usernames using smtp-user-enum on ports 110 and 995 using the provided usernames list and another bigger list.
  • I found a zone transfer, but couldn’t get anywhere from there.
  • I even tried enumerating the subdomains.

I feel like DNS is the entry point, but I am out of ideas. Could someone please help?

Have you found a username?

1 Like

No, unfortunately. Am I supposed to use the provided userlist or something else?

The clue is to accuratly enumerate a nonstandard open port.


Thank you. It was pretty straightforward after scanning all ports :slight_smile:


Would anyone be able to help provide a nudge for this? I feel like I’m missing something obvious, but I don’t seem to be getting anywhere with the 4 ports showing as open for this. I’ve done all of the same checks as the OP and found an interesting sounding subdomain, but nothing past that.

Hi. Are we supposed to brutefore the nonstandard port? I’ve tried that and still got nothing

Scan all the 65535 ports.

login to ftp and find mynotes.txt

brute force ssh using mynotes.txt

login to ssh, find the flag.

Happy Hacking

How do you login to FTP? Anonymous isnt working for me

which port did you use to login???


There is one more ftp port other than 21 and 2121, scan all 65535 ports you will get it.

1 Like

try 3002*