TryHackMe — Network Services — FTP
Hey hackers! This blog will be the final walkthrough of the first three-part TryHackMe Network Services lab where I will enumerate and exploit a variety of network services and configurations.
Understanding FTP
What communications model does FTP use?
- client-server
What’s the standard FTP port?
- 21
How many modes of FTP connection are there?
- 2
Enumerating FTP
Run an nmap scan of your choice.
How many ports are open on the target machine?
- 2
What port is ftp running on?
- 21
What variant of FTP is running on it?
- vsftpd
Great, now we know what type of FTP server we’re dealing with we can check to see if we are able to login anonymously to the FTP server. We can do this using by typing “ftp [IP]” into the console, and entering “anonymous”, and no password when prompted.
What is the name of the file in the anonymous FTP directory?
- PUBLIC_NOTICE.txt
What do we think a possible username
could be?
- Mike
Exploiting FTP
What is the password for the user “mike”?
- password
Bingo! Now, let’s connect to the FTP server as this user using “ftp [IP]” and entering the credentials when prompted
What is ftp.txt?
- THM{y0u_g0t_th3_ftp_fl4g}
Another insightful and fun lab this was. If you gained anything from this blog or found it interesting please let me know by giving me a clap or a follow. Stay tuned for more cybersecurity related contents.
