Port scan

nmap 10.129.171.69
nmap 10.129.171.69 -A -p 21,80

Anonymous login is allowed, and there are two files on the server

ftp 10.129.171.69
    Anonymous   # log in
    ls          # list the directory
    get allowed.userlist
    get allowed.userlist.passwd
    exit

cat allowed.userlist
cat allowed.userlist.passwd
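
Seen from the server side, the finding above is a vsftpd configuration that accepts anonymous logins and exposes readable files in the anonymous root. The script below is an added example, not part of the original walkthrough, that audits a vsftpd.conf for this. The function names and the sample config are constructed, and it assumes the defaults from the vsftpd.conf man page (anonymous_enable=YES when the key is absent).

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for anonymous-access exposure.
# Function names and the sample configuration are constructed for illustration.

# Effective value of a boolean option. Assumes the last assignment of a key
# takes effect; falls back to the man-page default when the key is absent.
vsftpd_opt() {  # vsftpd_opt <conf> <key> <default>
    val=$(grep -v '^[[:space:]]*#' "$1" | tr -d '\r' |
          awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }')
    if [ -n "$val" ]; then printf '%s\n' "$val" | tr '[:lower:]' '[:upper:]'
    else printf '%s\n' "$3"; fi
}

is_on() { case "$1" in YES|TRUE|1) return 0 ;; *) return 1 ;; esac; }

audit_vsftpd() {  # audit_vsftpd <conf>; prints one FINDING line per issue
    conf=$1
    is_on "$(vsftpd_opt "$conf" anonymous_enable YES)" || return 0
    echo "FINDING anonymous_enable: anonymous logins are accepted"
    if is_on "$(vsftpd_opt "$conf" write_enable NO)" &&
       is_on "$(vsftpd_opt "$conf" anon_upload_enable NO)"; then
        echo "FINDING anon_upload_enable: anonymous users can upload"
    fi
    # With anon_root unset, vsftpd serves the ftp user's home (not checked here).
    root=$(grep -v '^[[:space:]]*#' "$conf" |
           awk -F= '$1 == "anon_root" { v = $2 } END { print v }')
    [ -n "$root" ] && [ -d "$root" ] || return 0
    # Any world-readable file under anon_root can be fetched without credentials.
    find "$root" -type f -perm -004 | while read -r f; do
        echo "FINDING anon_root: downloadable file $f"
    done
}

# Constructed sample: the kind of configuration behind the finding above.
write_sample() {  # write_sample <dir>; creates <dir>/vsftpd.conf and <dir>/pub
    mkdir -p "$1/pub"
    printf 'placeholder\n' > "$1/pub/allowed.userlist"
    chmod 644 "$1/pub/allowed.userlist"
    printf '%s\n' '# constructed sample' 'listen=YES' 'anonymous_enable=YES' \
        'local_enable=YES' 'write_enable=NO' "anon_root=$1/pub" > "$1/vsftpd.conf"
}

tmp=$(mktemp -d)
write_sample "$tmp"
audit_vsftpd "$tmp/vsftpd.conf"
rm -rf "$tmp"
```

Setting anonymous_enable=NO explicitly, or keeping credential lists out of the anonymous root, clears both findings on the sample.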

Browse port 80

Directory brute force

gobuster dir -u 10.129.171.69 -w /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt -x .php

Log in with the information from the files above to get the flag

  • Task 1 What Nmap scanning switch employs the use of default scripts during a scan?

    -sC
  • Task 2 What service version is found to be running on port 21?

    vsftpd 3.0.3
  • Task 3 What FTP code is returned to us for the "Anonymous FTP login allowed" message?

    230
  • Task 4 After connecting to the FTP server using the ftp client, what username do we provide when prompted to log in anonymously?

    Anonymous
  • Task 5 After connecting to the FTP server anonymously, what command can we use to download the files we find on the FTP server?

    get
  • Task 6 What is one of the higher-privilege sounding usernames in 'allowed.userlist' that we download from the FTP server?

    admin
  • Task 7 What version of Apache HTTP Server is running on the target host?

    Apache httpd 2.4.41
  • Task 8 What switch can we use with Gobuster to specify we are looking for specific filetypes?

    -x
  • Task 9 Which PHP file can we identify with directory brute force that will provide the opportunity to authenticate to the web service?

    login.php