Day 09 - Anyone can be Santa!
Date: 9, December, 2020
Author: Dhilip Sanjay S
FTP
File Transfer Protocol
Solutions
1) Name the directory on the FTP server that has data accessible by the "anonymous" user
Answer: public
Steps to reproduce:
To connect to FTP server -
ftp <MACHINE IP>.Provide username as
anonymous.Type
lsto list the directories.You'll find that only the public directory is accessible.
2) What script gets executed within this directory?
Answer: backup.sh
3) What movie did Santa have on his Christmas shopping list?
Answer: The Polar Express
Steps to reproduce:
To download the shopping list -
get shoppinglist.txt
4) Re-upload this script to contain malicious data
Answer: THM{even_you_can_be_santa}
Steps to reproduce:
To download the backup.sh -
get backup.shAdd the following script to the file:
Reupload backup.sh -
put backup.sh
Note: You must listen to the connection using
netcat. If you don't know know how to do it, refer Day02. After getting the reverse shell, you cancat flag.txtto get the flag.
Last updated