LAMP CTF8

FTP

FTP Server

Anonymous Login

Login into the ftp server's anonymous account.

  • username: anonymous
  • password: you can type in anything (often a valid email address is requested)
sh$ ftp 192.168.120.123
Connected to 192.168.120.123.
220 (vsFTPd 2.0.5)
Name (192.168.120.123:ctf8): anonymous
331 Please specify the password.
Password: 
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x    2 0        0            4096 Jun 05  2013 pub
226 Directory send OK.

ftp> cd pub
250 Directory successfully changed.

ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--rw-    1 0        0              39 Jun 05  2013 key
226 Directory send OK.

ftp> get key
local: key remote: key
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for key (39 bytes).
226 File send OK.
39 bytes received in 0.00 secs (41.8067 kB/s)

References

  • https://tools.ietf.org/html/rfc1635
ftp> ls -l
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--rw-    1 0        0              39 Jun 05  2013 key
226 Directory send OK.


As we can see from the 'ls' output, the 'key' file is writable by the 'other' group. Maybe we can use this information later.