I found the files. Thanks.
When i use wget -m ...etc the folder is empty. Can you give me a hint?
Hi, try to do the same query to the other FTP port (if you do a scan with nmap you will find the port 21 and the port 2121). This is my hint. Try to do this and go ahead by yourself.
1 Like
Hey guys, for some reason I can’t find the shh keys stored in the FTP server. I understand we are suppose to download all files from the proxy ftp server (2121) but I’m not seeing any keys when after I wget, then ls -la on my machine. I may be missing something simple here.
Did you ever get an answer to this question? I finished the lab, but I needed to use the hint. I made attempts at brute forcing but couldn’t find anything. Not sure how this is done. It’d be great to know.
If you can pm me with how you managed to get the password through brute force that’d be awesome. I had to use the hint.
No, never got an answer from anybody.
Cheers dude
if you are still wondering, I personally used a tool called hydra which allows you to try to brute force ftp passwords. I used the rockyou.txt file as suggested but it takes a while, even if you set the number of simultaneous tries to 64 (the maximum the tool can handle).
Happy hacking.
1 Like
I appreciate it! Someone ended up answering me soon after.
Did you get it, Gabo?
Yes! I don’t remember exactly what was my problem. But I think it’s related to hidden files 
1 Like
I type the wget -m --no-pasive…ip:2121 and it seems to download the files but then I can`t open them… the downloaded folder appears empty… Could someone give me any hint!
1 Like
Hey guys, I have downloaded the files from the server but I cannot seem to find the ssh keys. It appears the directory is empty. Any direction you can point me in would be greatly appreciated.
stuck on this as well. Downloaded and folder with only a .listing file. Any suggestions?
nvm got it!
use ls -latr you are not seeing files and dir starting with a .
Our goal is to gather as much information as possible about the server and find ways to use that information against the company. However, our client has made it clear that it is forbidden to attack the services aggressively using exploits, as these services are in production.
Has anyone managed this without the hint? The companies scope pretty much says no brute-forcing to me.
Be nice to know a way if there is one being an easy lab 
2 Likes
After reading all the above tips, using the given vm of htb academy (in the browser) actually did the trick. Same command but finally downloading all files and not aborting in the middle.
1 Like
So some pointers to this challenge:
Remember there is two ftp servers. One by default port 21 and one by 2121. Figure out how to connect to a non-standard ftp server.
Use the cheatsheets. Nobody is going to remember everything. Use the “intel” provided i.e the hints. You dont lose points. Information Gathering is crucial and if they provide hints use them. So you know about the user ceil. Download the files.
Get out of the habit is “ls” always “ls -la” or make it fun and do “ls -shila” one my favorite ways to remember. Refer back to the ftp section. There are places you might see useful info.
The hint touches on permissions. Refer to your notes on previous sections.
Figure out how to pass another “key” over an ssh command to connect to the main ssh server.
1 Like