[HTB] Starting Point: Fawn

Chris Kim · November 9, 2024

Hack The box


1. Task

Task1
Q: What does the 3-letter acronym FTP stand for?

A: File Transfer Protocol

Task2
Q: Which port does the FTP service listen on usually?

A: 21 port
(FTP servers usually use port 20 to connect with clients)

Task3
Q: FTP sends data in the clear, without any encryption. What acronym is used for a later protocol designed to provide similar functionality to FTP but securely, as an extension of the SSH protocol?

A: SFTP(SSH File Transfer Protocol)

Task4
Q: What is the command we can use to send an ICMP echo request to test our connection to the target?

A: ping

Task5
Q: From your scans, what version is FTP running on the target?

A: vsftpd 3.0.3

Task6
Q: From your scans, what OS type is running on the target?

A: Unix

Task7
Q: What is the command we need to run in order to display the 'ftp' client help menu?

A: ftp -h

Task8
Q: What is username that is used over FTP when you want to log in without having an account?

A: anonymous

Task 9
Q: What is the response code we get for the FTP message 'Login successful'?

A: 230

Task 10
Q: There are a couple of commands we can use to list the files and directories available on the FTP server. One is dir. What is the other that is a common way to list files on a Linux system.

A: ls (this is a Unix command)

Task 11
Q: What is the command used to download the file we found on the FTP server?

A: get

Submit flag
Q: Submit root flag

A: get flag.txt

2. FTP/SFTP/vsftpd

FTP stands for File Transfer Protocol. It is a network protocol designed for transferring data from one host to another efficiently.

SFTP is FTP using SSH (Secure Shell). SFTP is safer than FTP. I'll cover SSH in detail later.

vsftpd (very secure FTP daemon) is an FTP server for UNIX systems (including Linux).

We can connect to an FTP server with $ ftp <server IP> <port (optional)> from the shell, or with ftp> open <server IP> from inside the client. By default, FTP listens on 21/tcp and uses 20/tcp for transferring data. We can download files with get or mget.

If the anonymous account is enabled, we don't need any password. This is very dangerous, because malicious users can access the FTP server anonymously. Under this policy, information leakage, forgery, and uploading of malicious files (code or scripts) may occur.
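From the server side, the risks above map onto a handful of vsftpd.conf options. The following is an added example, not part of the original post or the HTB material: a small auditor that reports them. The function names, finding IDs and both sample configs are constructed for illustration; the option names and built-in defaults are those documented in vsftpd.conf(5).

```python
# Built-in defaults as documented in vsftpd.conf(5); a distro's shipped file may differ.
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
            "anon_other_write_enable": "NO", "ssl_enable": "NO"}

def parse_conf(text):
    """Effective settings: built-in defaults overridden by option=value lines."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return a list of (finding_id, explanation) for risky settings."""
    s = parse_conf(text)
    # Boolean options: YES/TRUE/1 are treated as enabled here.
    on = lambda k: s.get(k, "NO").upper() in ("YES", "TRUE", "1")
    findings = []
    if on("anonymous_enable"):
        findings.append(("anon-login", "anyone can log in as 'anonymous' and read files"))
        # Anonymous write options only take effect when write_enable is also on.
        if on("write_enable"):
            if on("anon_upload_enable"):
                findings.append(("anon-upload", "anonymous users can upload files"))
            if on("anon_mkdir_write_enable"):
                findings.append(("anon-mkdir", "anonymous users can create directories"))
            if on("anon_other_write_enable"):
                findings.append(("anon-modify", "anonymous users can delete or rename files"))
    if not on("ssl_enable"):
        findings.append(("cleartext", "logins and data cross the network unencrypted"))
    return findings

# Constructed sample configs (not taken from the Fawn machine).
WEAK = """# lab server
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
"""
HARDENED = """anonymous_enable=NO
local_enable=YES
write_enable=YES
ssl_enable=YES
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED), ("empty file", "")):
        print(name, [fid for fid, _ in audit(conf)])
```

Note the empty-file case: because the built-in default for anonymous_enable is YES, a config that never mentions the option still permits anonymous login, so it has to be set to NO explicitly.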
