I’ve been trying to figure this one out for ~2 weeks.
I tried brute forcing SSH and FTP.
I tried enumerating usernames using
smtp-user-enum on ports 110 and 995 using the provided usernames list and another bigger list. I found a zone transfer, but couldn’t get anywhere from there.
I even tried enumerating the subdomains.
I feel like DNS is the entry point, but I am out of ideas. Could someone please help?
Have you found a username?
No, unfortunately. Am I supposed to use the provided userlist or something else?
The clue is to accuratly enumerate a nonstandard open port.
Thank you. It was pretty straightforward after scanning all ports
July 26, 2022, 9:57pm
Would anyone be able to help provide a nudge for this? I feel like I’m missing something obvious, but I don’t seem to be getting anywhere with the 4 ports showing as open for this. I’ve done all of the same checks as the OP and found an interesting sounding subdomain, but nothing past that.
October 31, 2022, 11:49am
Hi. Are we supposed to brutefore the nonstandard port? I’ve tried that and still got nothing
Scan all the 65535 ports.
login to ftp and find mynotes.txt
brute force ssh using mynotes.txt
login to ssh, find the flag.
How do you login to FTP? Anonymous isnt working for me
which port did you use to login???
There is one more ftp port other than 21 and 2121, scan all 65535 ports you will get it.