I’ve been trying to figure this one out for ~2 weeks.
I feel like DNS is the entry point, but I am out of ideas. Could someone please help?
Have you found a username?
No, unfortunately. Am I supposed to use the provided userlist or something else?
The clue is to accuratly enumerate a nonstandard open port.
Thank you. It was pretty straightforward after scanning all ports 
Would anyone be able to help provide a nudge for this? I feel like I’m missing something obvious, but I don’t seem to be getting anywhere with the 4 ports showing as open for this. I’ve done all of the same checks as the OP and found an interesting sounding subdomain, but nothing past that.
Hi. Are we supposed to brutefore the nonstandard port? I’ve tried that and still got nothing
Scan all the 65535 ports.
login to ftp and find mynotes.txt
brute force ssh using mynotes.txt
login to ssh, find the flag.
Happy Hacking
How do you login to FTP? Anonymous isnt working for me
which port did you use to login???
2121
There is one more ftp port other than 21 and 2121, scan all 65535 ports you will get it.
try 3002*