HTB 0x01


WriteUp source

https://dunsp4rce.github.io/csictf-2020/linux/2020/07/22/HTB-0x01.html

by vishalananth

Challenge description

I forgot my 'flag.txt' file on the server...

Challenge topics

Solution

I ran a detailed nmap scan on the given IP using:

nmap -vvv -Pn -A 34.93.37.238
5001/tcp open ftp syn-ack vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_Can't get directory listing: PASV IP 10.160.0.2 is not the same as 34.93.37.238
| ftp-syst:
| STAT:
| FTP server status:
| Connected to ::ffff:49.207.139.203
| Logged in as ftp
| TYPE: ASCII
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| Data connections will be plain text
| At session startup, client count was 4
| vsFTPd 3.0.3 - secure, fast, stable
|_End of status

There is an open TCP port, 5001, which accepts FTP connections. So I tried to open an FTP connection using:

ftp 34.93.37.238 5001

But somehow I was not able to run any command as it was not able to enter passive mode. So I downloaded the ncftp FTP client and ran

ncftp -P 5001 34.93.37.238

It worked and I was able to get the flag using

cat pub/flag.txt
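
From the server owner's side, the scan output above already names every weakness this challenge relies on. The following is an added example, not part of the original write-up: a small audit that reads the nmap ftp-anon / ftp-syst lines (abbreviated from the scan above) and reports them as findings. The function name `audit_ftp_scan` and the finding ids are hypothetical, and the vsftpd options in the hints are suggested remediations, not settings taken from the page.

```python
import ipaddress
import re

# Lines copied (abbreviated) from the nmap scan shown in the write-up.
NMAP_OUTPUT = """\
5001/tcp open ftp syn-ack vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_Can't get directory listing: PASV IP 10.160.0.2 is not the same as 34.93.37.238
| ftp-syst:
| STAT:
| FTP server status:
| Control connection is plain text
| Data connections will be plain text
|_End of status
"""

PASV_RE = re.compile(r"PASV IP (\S+) is not the same as (\S+)")
PLAIN_RE = re.compile(r"(Control connection is|Data connections will be) plain text")


def audit_ftp_scan(text):
    """Return a sorted list of (finding_id, hint) tuples for one FTP service."""
    findings = set()  # a set, so two plaintext lines yield one finding
    for raw in text.splitlines():
        line = raw.lstrip("|_ ").strip()  # drop nmap script-output prefixes
        if "Anonymous FTP login allowed" in line:
            findings.add(("anonymous-login",
                          "set anonymous_enable=NO unless public read access is intended"))
        m = PASV_RE.search(line)
        if m:
            advertised = ipaddress.ip_address(m.group(1))
            scanned = ipaddress.ip_address(m.group(2))
            kind = "private" if advertised.is_private else "public"
            # The server sits behind NAT and advertises its internal address,
            # which breaks strict clients and discloses the internal IP.
            findings.add(("pasv-address-mismatch",
                          f"server advertises {kind} address {advertised}, "
                          f"clients reach it at {scanned}; set pasv_address"))
        if PLAIN_RE.search(line):
            findings.add(("plaintext-transport", "enable TLS with ssl_enable=YES"))
    return sorted(findings)


if __name__ == "__main__":
    for finding_id, hint in audit_ftp_scan(NMAP_OUTPUT):
        print(f"{finding_id}: {hint}")
```

The PASV mismatch is the reason the stock `ftp` client could not enter passive mode here: the server hands out 10.160.0.2 for the data connection, which is not reachable from outside its network.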

Flag

csictf{4n0nym0u5_ftp_l0g1n}