Footprinting Lab - easy

Kuja686 · August 3, 2023, 7:40am

Hey Guys,

I don’t whether I’m stupid or something does not work as intended… I found the id_rsa quite quickly but when I tried to connect to the machine via ssh from my local VM (yes I had an active VPN tunnel) I always got a
“Connection closed by port 22”.
Every other service worked just fine. I was able to connect via ftp and was able to enumerate the dns server.

I then used the in-browser VM and I was able to ssh into the machine. It was kind of frustrating and I realy started doubting myself as I tried to use ssh from my local VM for almost an hour. Did I miss sth or does the lab not work for ssh over vpn?

Kuja686 · August 4, 2023, 2:34pm

nvm… I was stupid… something was wrong with the vpn config…

pegasus · August 15, 2023, 10:41am

for any body who is still having problems with this lab here is the solution.
enumerate the target with Nmap and acess the open tcp port 2121 using credentials provided, download all files to your locall machine using the command avaialble on the cheatsheets, when you open the files ,you find your keys ,public and private .you need to activate the keys and change permissions before you can use them(private key) check the commands to do that after that use a special ssh comman that will also accept your keys along with your username and password .when you log in to the target simply comb the target for a flag directory and your flag will be in a flag.txt file.thanks i hope it helps .

samuts · August 26, 2023, 2:24pm

The real FTP server is located on port 2121. FTP via port 2121 to locate the target’s ssh configuration files. You will then need to authenticate your VM keys to the target public keys in order to ssh into the target server.

Jeremys556 · September 11, 2023, 12:00am

Hey, how come it works on port 2121 but not 21? As far as I understand, port 21 is the FTP server, port 2121 is an FTP proxy but I dont really understand what that means - is anyone able to explain?

MrBabaYaga · September 23, 2023, 5:37pm

get < file-name >

MrBabaYaga · September 23, 2023, 5:54pm

On ftp there are files… find way to view hidden files / check both ftp ports
Find way to download these files.
Find ways to use one of the files and log in using SSH.

Tip: any errors that throw when you do a command… copy and paste in Google. Find out what each does.

You will need to use Google and research but try think of what you are doing each step above.

f4br1k · November 20, 2023, 5:21pm

I have the same problem, I have been overwhelmed for 2 hours, I have tried all the commands with all the possible flags

jbanday · December 2, 2023, 8:01pm

Go to the link below to get the flag.txt file:

urhom3yr4hul · February 13, 2024, 9:15am

Oh man, an interesting one. Got it done.

ali88 · February 27, 2024, 5:56am

you have to use the port number too. the command should look like this
wget -m --no-passive ftp://username:password@ip:portnumber/

Don’t forget the slash after the port number

will26254 · March 7, 2024, 6:19pm

As long as you are not using exploits! the directions of scope don’t allow them. I realize this is old just wanted to add it. I am stuck on this problem as well. not using msf however. it appears ports 53 21 2121 are open. proxy ftp and dns. However no listing is available for the ftp in either port so im lost looking for hints.

jilliandoe1 · March 17, 2024, 6:09pm

Can you clarify what you mean by activating the keys and changing permissions? Are you referring to chmod on the keys?

jilliandoe1 · March 17, 2024, 6:27pm

I was able to figure this one out. Here are hints:

use the pwnbox. When I used the local vm, all ports were filtered.
look for hidden folders once you connect to ftp servers.
download the file that will give you access to other connections (ftp/ssh)
look at bash history to see where the flag might be.

koyanek · April 4, 2024, 3:04am

Thank you so much for this tip! I solved it!

MindFlare · April 24, 2024, 4:04am

I solved it with port 2121 but is there any other way we can get flag ?? like i am too focused on DNS nut dont get anything except some subdomains by bruteforcing it

asecsys · April 27, 2024, 6:29pm

anybody able to get a root on this one? was interested in the /cry0lit3 user dir

DotDragon · May 7, 2024, 3:37pm

Hello Asecsys.

Are you still having trouble on this lab? If so, can you provide me what you’ve done so far and any trains of thought you may have on how to go about solving this?

Thank you,

DotDragon

DaddyBigFish · May 8, 2024, 9:46pm

Cheatsheet needs updating to:

Download all available files on the target
wget -m --no-passive ftp://anonymous:anonymous@target:PORT

Jacsson · May 21, 2024, 3:33pm

Hi ckacks!!

The key is to do the same thing with wget, but on port 2121
Then it’s just give 600 permissions to the id_rsa file
Finally connect to the system with ssh and browse the directories for find the flag.txt

Good Loock…

Topic		Replies	Views
Footprinting Lab - Easy (how to get first credentials) Academy	2	1941	April 20, 2023
HTB Academy : Footprinting Skills Assessment Lab - Hard Academy	40	8504	June 26, 2024
Footprinting hard lab Academy	16	2879	May 7, 2024
Attacking Common Services - Medium	12	1544	January 7, 2024
Footprinting Lab - Easy Academy	0	1053	July 19, 2022

Footprinting Lab - easy

Related topics