I don’t whether I’m stupid or something does not work as intended… I found the id_rsa quite quickly but when I tried to connect to the machine via ssh from my local VM (yes I had an active VPN tunnel) I always got a
“Connection closed by port 22”.
Every other service worked just fine. I was able to connect via ftp and was able to enumerate the dns server.
I then used the in-browser VM and I was able to ssh into the machine. It was kind of frustrating and I realy started doubting myself as I tried to use ssh from my local VM for almost an hour. Did I miss sth or does the lab not work for ssh over vpn?
for any body who is still having problems with this lab here is the solution.
enumerate the target with Nmap and acess the open tcp port 2121 using credentials provided, download all files to your locall machine using the command avaialble on the cheatsheets, when you open the files ,you find your keys ,public and private .you need to activate the keys and change permissions before you can use them(private key) check the commands to do that after that use a special ssh comman that will also accept your keys along with your username and password .when you log in to the target simply comb the target for a flag directory and your flag will be in a flag.txt file.thanks i hope it helps .
The real FTP server is located on port 2121. FTP via port 2121 to locate the target’s ssh configuration files. You will then need to authenticate your VM keys to the target public keys in order to ssh into the target server.
Hey, how come it works on port 2121 but not 21? As far as I understand, port 21 is the FTP server, port 2121 is an FTP proxy but I dont really understand what that means - is anyone able to explain?
As long as you are not using exploits! the directions of scope don’t allow them. I realize this is old just wanted to add it. I am stuck on this problem as well. not using msf however. it appears ports 53 21 2121 are open. proxy ftp and dns. However no listing is available for the ftp in either port so im lost looking for hints.
I solved it with port 2121 but is there any other way we can get flag ?? like i am too focused on DNS nut dont get anything except some subdomains by bruteforcing it
Are you still having trouble on this lab? If so, can you provide me what you’ve done so far and any trains of thought you may have on how to go about solving this?