Tenocijam writes

HackTheBox Starting Point Tier 0 machine: Fawn Walkthrough

Complete walkthrough with answers for the hackthebox machine: Fawn

Sidharth H's photo
Sidharth H
·

4 min read

HackTheBox Starting Point Tier 0 machine: Fawn Walkthrough

Table of contents

Setup

First, we need to connect to the HTB network. There are two different methods to do the same:

  1. Using Pwnbox
  2. Using OpenVPN

(Click here to learn to connect to HackTheBox VPN)

Introduction

This machine helps us to familiarize ourselves with the File Transfer Protocol (FTP).

The File Transfer Protocol (FTP) is a standard communication protocol used to transfer computer files from a server to a client on a computer network.

You can read more about FTP on this Wikipedia article

Scanning and enumeration

1 spawn machine.png

After our connection to the HTB network is successfully established, we can spawn the target machine from the Starting Point lab’s page by clicking on “SPAWN MACHINE” as show above. After spawning the machine, we can check if our packets reach their destination by using the ping command.

2 ip address.png

Grab the IP address of your current target and paste it into your terminal after typing in the ping command. After 4-5 successful replies from the target, we can confirm that our connection is formed and stable. By pressing the Ctrl + C combination on our keyboard, we will cancel the ping command and we will get back the control of the terminal tab.

3 ping.png

Now let's start scanning the target using nmap. nmap will send requests to the target's ports in hopes of receiving a reply, thus determining if the said port is open or not.

We can use the following nmap command: sudo nmap -sV {target_ip}

{target_ip} has to be replaced with the IP address of the Fawn machine.

The -sV switch is used to display the version of the services running on the open ports.

4 nmap scan.png

After the completion of the scan, we can see that port 21/tcp is open and is running the FTP service.

Foothold

Now it's time to interact with the target

5 ftp install.png

If FTP is not installed in our system, you can install it using the command sudo apt install ftp -y

The -y switch is used to automatically assume “yes” as answer to all the prompts that might occur during the installation process.

We can use the following command to connect to the target host: ftp {target_ip}

The prompt will ask us for the username we want to log in with.

If the FTP service is poorly configured, it will allow an anonymous account to access the service like any other authenticated user. On inputting the anonymous username and a random password, we can see that we have successfully logged into ftp. Our terminal changes in order to show us that we can now issue FTP commands.

6 ftp login.png

We can now use the help command to see view which commands are available to us

7 ftp help.png

Let's use the ls command and see the files available in the current directory

8 ftp ls.png

9 ftp flag download.png

In order to download the flag.txt file to our system, we can use the get command followed by the filename. If unable to download the file using get, go back and connect to FTP using sudo. The file gets downloaded to the directory you were in when you issued the ftp {target_ip} command.

Now we can exit the FTP service using exit command and come back to our host machine.

10 list files.png

By using the ls command, we can see that there is a file called flag.txt in our current directory and using cat command we can see the contents of the file.

11 submit flag.png

Copy the flag and paste it into the Starting Point lab's page to complete your task.

Congrats, you have just pwned Fawn! 👏

Task answers

Task 1: What does the 3-letter acronym FTP stand for?

File Transfer Protocol

Task 2: Which port does the FTP service listen on usually?

21

Task 3: What acronym is used for the secure version of FTP?

SFTP

Task 4: What is the command we can use to send an ICMP echo request to test our connection to the target?

ping

Task 5: From your scans, what version is FTP running on the target?

vsftpd 3.0.3

Task 6: From your scans, what OS type is running on the target?

Unix

Task 7: What is the command we need to run in order to display the 'ftp' client help menu?

ftp -h

Task 8: What is username that is used over FTP when you want to log in without having an account?

anonymous

Task 9: What is the response code we get for the FTP message 'Login successful'?

230

Task 10: There are a couple of commands we can use to list the files and directories available on the FTP server. One is dir. What is the other that is a common way to list files on a Linux system.

ls

Task 11: What is the command used to download the file we found on the FTP server?

get

🚩Root flag:

035db21c881520061c53e0536e44f815
#HackTheBoxCTFpentesting#walkthrough2Articles1Week