AFZ-logo

JeeZy Blog

crocodile

Crocodile writeup

Task 1


What Nmap scanning switch employs the use of default scripts during a scan?

Answer : -sC

crocodile_1 Here I am using the combination of -sV (for versions) and -sC (default scripts) => -sVC

Task 2


What service version is found to be running on port 21?

Answer : vsftpd 3.0.3

vsftpd (Very Secure FTP Daemon) is a secure and fast FTP server for UNIX-like systems. It's designed with security in mind, offering features like chroot jails and per-user configuration. vsftpd is known for its speed, stability, and support for virtual users. It's commonly used on servers where security and performance are priorities.

Task 3


What FTP code is returned to us for the "Anonymous FTP login allowed" message?

Answer : 230

Task 4


After connecting to the FTP server using the ftp client, what username do we provide when prompted to log in anonymously?

Answer : anonymous

crocodile_2 Here I am using the ftp -a switch to connect as anonymous

Task 5


After connecting to the FTP server anonymously, what command can we use to download the files we find on the FTP server?

Answer : get

crocodile_3 We already knew what files are on the ftp server (see the previous nmap default script output but I am using dir here to list them just in case and show you another basic command you should know :) Also, get the allowed.userlist.passwd file too !

Task 6


What is one of the higher-privilege sounding usernames in 'allowed.userlist' that we download from the FTP server?

Answer : admin

crocodile_4 The golden (higher-priviledged) accounts (the ones you should aim for) are usually admin, root, administrator, superuser, sysadmin

Task 7


What version of Apache HTTP Server is running on the target host?

Answer : Apache httpd 2.4.41

Found in the previous nmap scan

Task 8


What switch can we use with Gobuster to specify we are looking for specific filetypes?

Answer : -x

Task 9


Which PHP file can we identify with directory brute force that will provide the opportunity to authenticate to the web service?

Answer : login.php

I am using a wordlist coming from the well-known SecLists (I highly suggest you to download it for future usage)

crocodile_5 We got numerous well-known php files with the directory brute force, the one the question here is implying is the login.php. If you want to know more about the gobuster tool check its man page or cheatsheets.

Task 10


Submit root flag

On the /login.php page, I am trying to connect using the admin username and the passwords that we retrieved on the ftp server :

crocodile_6

The flag is just behind this login page

Answer : Get your own !

AFZ-logoJeeZy Blog

© 2024-2025 JeeZy Blog