目录

TASK 1

TASK 2

TASK 3

TASK 4

TASK 5

TASK 6

TASK 7

TASK 8

TASK 9

TASK 10

TASK 11

SUBMIT FLAG

---

---

TASK 1

---

What does the 3-letter acronym FTP stand for?

File Transfer Protocol (文件传输协议 FTP)

---

TASK 2

---

Which port does the FTP service listen on usually?

21 (ftp一般开放的都是21端口)

---

TASK 3

---

What acronym is used for the secure version of FTP?

sftp

SFTP或安全文件传输协议是一种安全的文件传输协议，使用安全外壳加密为发送和接收文件传输提供高级别的安全性。
SFTP与FTPS的相似之处在于，它使用AES和其他算法来保护数据在不同系统之间传输的安全。

---

TASK 4

---

What is the command we can use to send an ICMP echo request to test our connection to the target?

ping

---

TASK 5

---

From your scans, what version is FTP running on the target?


┌──(root㉿ru)-[~/kali/hackthebox]
└─# nmap -p 21 -sCV  10.129.220.136 --min-rate 10000
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-02-29 13:38 CST
Nmap scan report for 10.10.14.119 (10.129.220.136)
Host is up (1.7s latency).

PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r--    1 0        0              32 Jun 04  2021 flag.txt
| ftp-syst:
|   STAT:
| FTP server status:
|      Connected to ::ffff:10.10.16.16
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      At session startup, client count was 4
|      vsFTPd 3.0.3 - secure, fast, stable
|_End of status
Service Info: OS: Unix

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 47.85 seconds



vsftpd 3.0.3

---

TASK 6

---

From your scans, what OS type is running on the target?


Unix

---

TASK 7

---

What is the command we need to run in order to display the 'ftp' client help menu?


ftp -h

---

TASK 8

---

What is username that is used over FTP when you want to log in without having an account?

anonymous（匿名登录）

---

TASK 9

---

What is the response code we get for the FTP message 'Login successful'?


230 (ftp 登录成功)

---

TASK 10

---

There are a couple of commands we can use to list the files and directories available on the FTP server. 
One is dir. What is the other that is a common way to list files on a Linux system.

ls (列出文件)

---

TASK 11

---

What is the command used to download the file we found on the FTP server?

get (下载ftp服务器文件命令！)

---

SUBMIT FLAG

---

---

使用匿名登陆！ anonymous

---

---

使用get命令下载到本地！

┌──(root㉿ru)-[~/kali/hackthebox]
└─# cat flag.txt
035db21c881520061c53e0536e44f815

---