Posts for: #Ftp

PG: Banzai

Target // Banzai
Platform: OffSec Proving Grounds
OS: Linux
Difficulty: Medium
IP: 192.168.89.56

Recon

Nmap

Full nmap output:
20/tcp   closed ftp-data
21/tcp   open   ftp        vsftpd 3.0.3
22/tcp   open   ssh        OpenSSH 7.4p1 Debian 10+deb9u7 (protocol 2.0)
25/tcp   open   smtp       Postfix smtpd
5432/tcp open   postgresql PostgreSQL DB 9.6.4 - 9.6.6 or 9.6.13 - 9.6.19
8080/tcp open   http       Apache httpd 2.4.25
8295/tcp open   http       Apache httpd 2.4.25 ((Debian))

Enumeration

Port 21 - FTP

No anonymous access. No public exploits for vsftpd 3.0.3 (aside from DoS).


HTB: Forge

Target // Forge
Platform: HTB
OS: Linux
Difficulty: Medium
IP: 10.129.106.197

Recon

Subdomain brute-force reveals admin.forge.htb, but it only responds to requests from localhost:

curl http://forge.htb -H 'Host: admin.forge.htb'
# Only localhost is allowed!

Enumeration

Nmap

Nmap output:
21/tcp filtered ftp
22/tcp open     ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.3
80/tcp open     http    Apache httpd 2.4.41

OS: Ubuntu 20.04 (Focal)
