Fawn Walkthrough | HackTheBox
This is a simple walkthrough for completing the Fawn target machine in Hackthebox.com.
Task 1
Question: What does the 3-letter acronym FTP stand for?
Answer: File Transfer Protocol
Task 2
Question: What communication model does FTP use, architecturally speaking?
Answer: Client-Server Model
Task 3
Question: What is the name of one popular GUI FTP program?
Answer: Filezilla
Task 4
Question: Which port is the FTP service active on usually?
Answer: 21 TCP
Task 5
Question: What acronym is used for the secure version of FTP?
Answer: SFTP
Task 6
Question: What is the command we can use to test our connection to the target?
Answer: ping
Task 7
Question: From your scans, what version is FTP running on the target?
Answer: vsFTPd 3.0.3
Task 8
Question: From your scans, what OS type is running on the target?
Answer: Unix
Submit Flag
From the box tags, we can see there are three tags which are ‘Linux’, ‘FTP’, and ‘Account Misconfiguration’. First we can confirm FTP is open by running the following command:
$ nmap 10.129.116.128 -p21 -A
From the above scan, we can confirm FTP is open and running on TCP port 21. We can also confirm from the information in the scan that anonymous FTP login is allowed. FTP is an insecure protocol, thus why SFTP is used for secure connections. FTP does not use encryption for anything. Login credentials like your username and password, as well as the data you download or upload, are transferred in clear text.
Although FTP is an insecure connection and sniffing the packets will reveal the contents, using it internally such as at home is perfectly fine. Transferring data via the internet with FTP is not recommended.
Let’s try and connect using ftp to the remote host. To do this, simply type ftp followed by the IP of the host. If you are getting an error that says ftp command not found, you might not have ftp installed. On a debian based system run:
Install FTP
sudo apt install ftpConnect Via FTP
ftp 10.129.116.128Once you run the command to ftp to the host, you will be prompted to enter the username. The default login username most systems will be ‘anonymous’. When prompted to enter the password, you can just press enter and it will grant you access without a password.
The following screenshot shows a successful login with the username anonymous. You can see what files are available with the ‘ls’ command as shown below.
As you can see, the flags.txt file is available and this is what we are looking for.
To obtain this file, you can run the ‘get’ command followed by the name of the file as shown below. The file will be downloaded in your home directory.
You can use the file explorer to navigate to your home directory or the command line and the flag.txt file will be in there.
