Footprinting Lab - easy

Yay! Thanks!!

This lab was a waste of time and something I would expect from Offensive Security. FTP lab doc: "With the usernames, we could attack the services like FTP and SSH and many others with a brute-force attack in theory. However, in reality, fail2ban solutions are now a standard implementation of any infrastructure that logs the IP address and blocks all access to the infrastructure after a certain number of failed login attempts."

If you use the first password file in SecLists “2020-200_most_used_passwords.txt” and hydra, it's maybe a minute to get the password. I hope this is not what the actual final will look like. Stop wasting people's time with this nonsense.

I went down the completely wrong rabbit hole for this. I found it initially but didn’t do the right ls option. Spent the whole day researching proxy ftp and passive ftp.

Hey, can you please guide me! Really beating my head.
What I have done:
Logged in with ftp with the cred in the module.
Found nothing.

Downloaded all files with wget -m … Got a folder with nothing.
ls -la inside that folder gives a file “.listing”
cat .listing gives nothing.

Please please help me!

Hey Guys,

I don’t know whether I’m stupid or something does not work as intended… I found the id_rsa quite quickly but when I tried to connect to the machine via ssh from my local VM (yes I had an active VPN tunnel) I always got a
“Connection closed by port 22”.
Every other service worked just fine. I was able to connect via ftp and was able to enumerate the dns server.

I then used the in-browser VM and I was able to ssh into the machine. It was kind of frustrating and I really started doubting myself as I tried to use ssh from my local VM for almost an hour. Did I miss sth or does the lab not work for ssh over vpn?

nvm… I was stupid… something was wrong with the vpn config…

For anybody who is still having problems with this lab, here is the solution.
Enumerate the target with Nmap and access the open TCP port 2121 using the credentials provided. Download all files to your local machine using the command available on the cheat sheets. When you open the files, you find your keys, public and private. You need to activate the keys and change permissions before you can use them (private key); check the commands to do that. After that, use a special ssh command that will also accept your keys along with your username and password. When you log in to the target, simply comb the target for a flag directory and your flag will be in a flag.txt file. Thanks, I hope it helps.

The real FTP server is located on port 2121. FTP via port 2121 to locate the target’s ssh configuration files. You will then need to authenticate your VM keys to the target public keys in order to ssh into the target server.

Hey, how come it works on port 2121 but not 21? As far as I understand, port 21 is the FTP server, port 2121 is an FTP proxy but I don't really understand what that means - is anyone able to explain?

get <file-name>

  1. On ftp there are files… find a way to view hidden files / check both ftp ports.
  2. Find a way to download these files.
  3. Find ways to use one of the files and log in using SSH.

Tip: any errors that throw when you do a command… copy and paste in Google. Find out what each does.

You will need to use Google and research, but try to think of what you are doing at each step above.

I have the same problem, I have been overwhelmed for 2 hours, I have tried all the commands with all the possible flags :frowning:

Go to the link below to get the flag.txt file:

Oh man, an interesting one. Got it done. :smiley:

You have to use the port number too. The command should look like this:
wget -m --no-passive ftp://username:password@ip:portnumber/

Don’t forget the slash after the port number

As long as you are not using exploits! The directions of scope don’t allow them. I realize this is old, just wanted to add it. I am stuck on this problem as well. Not using msf however. It appears ports 53, 21 and 2121 are open: proxy ftp and dns. However, no listing is available for the ftp on either port, so I'm lost looking for hints.

Can you clarify what you mean by activating the keys and changing permissions? Are you referring to chmod on the keys?

I was able to figure this one out. Here are hints:

  1. Use the Pwnbox. When I used the local VM, all ports were filtered.
  2. Look for hidden folders once you connect to the ftp servers.
  3. Download the file that will give you access to other connections (ftp/ssh).
  4. Look at bash history to see where the flag might be.

Thank you so much for this tip! I solved it!

I solved it with port 2121, but is there any other way we can get the flag? I am too focused on DNS but don't get anything except some subdomains by bruteforcing it.
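
Seen from the server owner's side, the hints in this thread (hidden folders on the FTP server, a downloadable file that gives SSH access) describe key material sitting inside an FTP-served directory. The following is an added example, not part of any post or of the lab: a shell audit that reports hidden entries and private-key files under a directory. The sample tree, its file names and the placeholder key text are constructed.

```shell
#!/bin/sh
# Audit a directory that is exported over FTP for entries a plain LIST hides
# and for private key files that should never be downloadable.

audit_ftp_root() {
    root=$1
    # Dot-files and dot-directories: not shown by a default listing, but
    # returned by "ls -a" and picked up by any recursive mirror of the share.
    find "$root" -mindepth 1 -name '.*' -print | sed 's/^/HIDDEN /'
    # Any file carrying a PEM/OpenSSH private key header, whatever its name.
    find "$root" -type f -exec \
        grep -l -E -e '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' {} + \
        2>/dev/null | sed 's/^/PRIVATE_KEY /'
}

# Builds a constructed sample tree (placeholder text, not real key material)
# and prints its path, so the audit can be tried without a real server.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'CONSTRUCTED-PLACEHOLDER' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/.ssh/id_rsa"
    printf 'ssh-rsa CONSTRUCTED-PLACEHOLDER user@example\n' > "$d/.ssh/id_rsa.pub"
    printf 'welcome\n' > "$d/readme.txt"
    printf '%s\n' "$d"
}

# Usage: sh audit.sh <directory served by the FTP daemon>
if [ -n "${1:-}" ]; then
    audit_ftp_root "$1"
fi
```

Any `PRIVATE_KEY` line in the output means a key reachable by every account that can read the share; move it out of the FTP root and rotate it.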