Please send me the command you use to download the ftp server. I cant login to any ftp server
What command did you use to download the file
Thank you for this post, I was stuck here too. I think there are 2 ways to get the real password from here
- Enumerate it with “john” using the “o1” rule (generates 752 passwords) starting with the wrong one. Then use hydra with this short list.
- Brute force it with hydra, but use the “-t 64” flag and rockyou.txt. This took about 10 minutes so its a valid way to go as well. Don’t get nervous reading the hydra output saying “639h to go”.
It is easy when you know what you are looking for. It is a nightmare if you are stuck like I was 
1 Like
Yay! Thanks!!
This lab was a waste of time and something I would expect from Offensive Security. FTP lab doc " With the usernames, we could attack the services like FTP and SSH and many others with a brute-force attack in theory. However, in reality, fail2ban solutions are now a standard implementation of any infrastructure that logs the IP address and blocks all access to the infrastructure after a certain number of failed login attempts."
If you use the first password file in SecList “2020-200_most_used_passwords.txt” and hydra its maybe a minute to get the password. I hope this is not what the actual final will look like. Stop wasting peoples time with this nonsense.
1 Like
I went down the completely wrong rabbitthole for this. I found it initially but didn’t do the right ls option. Spent the whole day researching proxy ftp and passive ftp.
Hey can you please guide me.! Really beating my head
What I have done:
Logged in with ftp with the cerd in the module
found nothing
Downloaded all files with wget -m … Got a folder with nothing.
ls -la inside that folder gives a file “.listing”
cat .listing gives nothing.
Please please help me!
Hey Guys,
I don’t whether I’m stupid or something does not work as intended… I found the id_rsa quite quickly but when I tried to connect to the machine via ssh from my local VM (yes I had an active VPN tunnel) I always got a
“Connection closed by port 22”.
Every other service worked just fine. I was able to connect via ftp and was able to enumerate the dns server.
I then used the in-browser VM and I was able to ssh into the machine. It was kind of frustrating and I realy started doubting myself as I tried to use ssh from my local VM for almost an hour. Did I miss sth or does the lab not work for ssh over vpn?
nvm… I was stupid… something was wrong with the vpn config…
for any body who is still having problems with this lab here is the solution.
enumerate the target with Nmap and acess the open tcp port 2121 using credentials provided, download all files to your locall machine using the command avaialble on the cheatsheets, when you open the files ,you find your keys ,public and private .you need to activate the keys and change permissions before you can use them(private key) check the commands to do that after that use a special ssh comman that will also accept your keys along with your username and password .when you log in to the target simply comb the target for a flag directory and your flag will be in a flag.txt file.thanks i hope it helps .
The real FTP server is located on port 2121. FTP via port 2121 to locate the target’s ssh configuration files. You will then need to authenticate your VM keys to the target public keys in order to ssh into the target server.
1 Like
Hey, how come it works on port 2121 but not 21? As far as I understand, port 21 is the FTP server, port 2121 is an FTP proxy but I dont really understand what that means - is anyone able to explain?
get < file-name >
- On ftp there are files… find way to view hidden files / check both ftp ports
- Find way to download these files.
- Find ways to use one of the files and log in using SSH.
Tip: any errors that throw when you do a command… copy and paste in Google. Find out what each does.
You will need to use Google and research but try think of what you are doing each step above.
I have the same problem, I have been overwhelmed for 2 hours, I have tried all the commands with all the possible flags 