HTB: Fawn Walkthrough

Courses + Hack The Box | Jamie Ngo | June 5, 2024


A walkthrough of the Fawn room on Hack The Box.


Challenge Type: Offensive | OS: Linux | Difficulty: Very Easy

Question 1: What does the 3-letter acronym FTP stand for?

The answer to this question is File Transfer Protocol.

Question 2: Which port does the FTP service listen on usually?

If you’re unfamiliar with FTP, a quick Google search will provide the answer.

The answer to this question is port 21.

Question 3: What acronym is used for the secure version of FTP?

The answer to this question is SFTP.

Question 4: What is the command we can use to send an ICMP echo request to test our connection to the target?

The answer to this question is ping.

Question 5: From your scans, what version is FTP running on the target?

Complete an nmap scan against the server to get this answer, or see my screenshot below.

The answer to this question is vsFTPd 3.0.3

Question 6: From your scans, what OS type is running on the target?

If you didn’t run nmap with the -O option, then you would need to rerun it to get this answer.

The answer to this question is Unix

Question 7: What is the command we need to run in order to display the ‘ftp’ client help menu?

As a rule of thumb, if you get stuck, the help option on Linux is most of the time either -h or -help.

The answer to this question is ftp -h

Question 8: What is the username that is used over FTP when you want to log in without having an account?

I used the hint for this question, and the hint told me: “When your name is not known, you are…”

From the hint, the answer is clearly anonymous

Question 9: What is the response code we get for the FTP message ‘Login successful’?

For this question, you need to FTP into the server.

The answer to this question is 230

Question 10: There are a couple of commands we can use to list the files and directories available on the FTP server. One is dir. What is the other that is a common way to list files on a Linux system.

The answer to this is ls

Question 11: What is the command used to download the file we found on the FTP server?

The answer to this question is get

Question 12: Submit the flag located on the FTP server

To view the flag, you have to download the file from the step above, then exit the FTP session. The file should be downloaded to the directory you were in, by default your home directory. From here you can cat the file for the flag.

The answer to this question is: 035db21c881520061c53e0536e44f815
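The anonymous login, the 230 reply and the get download from Questions 8, 9 and 11 are all visible on the FTP control channel, so a defender can spot them in a capture. The sketch below is an added example, not part of the original walkthrough: the transcript is constructed, and `audit_session`, `ANON_USERS` and `FINAL_REPLY` are hypothetical names. It relies on the ftp client's get being sent as the protocol command RETR.

```python
import re

# Constructed sample of an FTP control-channel capture (C: client, S: server).
SAMPLE_SESSION = """\
S: 220 (vsFTPd 3.0.3)
C: USER anonymous
S: 331 Please specify the password.
C: PASS guest@example.invalid
S: 230-Welcome to the file server.
S: 230 Login successful.
C: PASV
S: 227 Entering Passive Mode (10,0,0,5,156,64).
C: RETR flag.txt
S: 150 Opening BINARY mode data connection for flag.txt (32 bytes).
S: 226 Transfer complete.
C: QUIT
S: 221 Goodbye.
"""

ANON_USERS = {"anonymous", "ftp"}        # usernames treated as anonymous logins
FINAL_REPLY = re.compile(r"^(\d{3}) ")   # "230-..." continues a reply, "230 ..." ends it


def audit_session(transcript):
    """Report whether an anonymous login was accepted and which files were downloaded."""
    result = {"anonymous_login": False, "downloads": []}
    user, pending = None, None           # last USER argument; command awaiting its reply
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                user = arg.strip().lower()
            pending = (verb, arg.strip())
        elif side == "S" and pending:
            m = FINAL_REPLY.match(text)
            if not m or m.group(1)[0] == "1":
                continue                 # continuation line or preliminary reply (e.g. 150)
            code = m.group(1)
            verb, arg = pending
            if verb in ("USER", "PASS") and code == "230" and user in ANON_USERS:
                result["anonymous_login"] = True
            elif verb == "RETR" and code == "226":
                result["downloads"].append(arg)
            pending = None
    return result
```

On the constructed session this reports an accepted anonymous login and one download, `flag.txt`; a 530 reply to PASS or a 550 reply to RETR leaves the corresponding field unset.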

Written by: Jamie Ngo
