# Task 1

Q：What does the 3-letter acronym FTP stand for?

A：File Transfer Protocol

# Task 2

Q：What communication model does FTP use, architecturally speaking?

A：client-server model

Q：What is the name of one popular GUI FTP program?

A：FileZilla

Q：Which port is the FTP service active on usually?

A：21 tcp

Q：What acronym is used for the secure version of FTP?

A：sftp

Q：What is the command we can use to test our connection to the target?

A：ping

询问我们目标上开启的什么服务以及版本号

扫描一下

扫描

	┌──(root💀kali)-[~]
	└─# nmap -sV 10.129.214.200
	Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-28 19:22 CST
	Nmap scan report for 10.129.214.200
	Host is up (0.62s latency).
	Not shown: 999 closed tcp ports (reset)
	PORT STATE SERVICE VERSION
	21/tcp open ftp vsftpd 3.0.3
	Service Info: OS: Unix

	Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
	Nmap done: 1 IP address (1 host up) scanned in 8.02 seconds

nmap 中的 -sV 是扫描端口服务以及其版本名称的

因此得到答案

A：vsftpd 3.0.3

Q：From your scans, what OS type is running on the target?

要让我们识别目标机器的操作系统是什么

nmap -O
没有识别出来，但是不要紧，我们可以根据他答案的提示的出答案

A：Unix

Q：Submit root flag

需要我们提交 flag 了

既然之前扫描出来了有 ftp 服务，那么我们就用 ftp 连接一下试试

连接

	┌──(root💀kali)-[~]
	└─# ftp 10.129.214.200

尝试用匿名用户 anonymous
登录试试看，密码为空。

	Connected to 10.129.214.200.
	220 (vsFTPd 3.0.3)
	Name (10.129.214.200:root): anonymous
	331 Please specify the password.
	Password:
	230 Login successful.
	Remote system type is UNIX.
	Using binary mode to transfer files.

ls
查看一下有什么文件

	ftp> ls
	200 PORT command successful. Consider using PASV.
	150 Here comes the directory listing.
	-rw-r--r-- 1 0 0 32 Jun 04 2021 flag.txt
	226 Directory send OK.

发现了 flag.txt ，那么我们 get
下载下来看看

	ftp> get flag.txt
	local: flag.txt remote: flag.txt
	200 PORT command successful. Consider using PASV.
	150 Opening BINARY mode data connection for flag.txt (32 bytes).
	226 Transfer complete.
	32 bytes received in 0.00 secs (187.1257 kB/s)

打开文件就能得到 flag 了