Starting the discussion. Who’s ready for this?
Ready, steady go! But not sure if it is a rabbit hole
is that bounce back the right way to go
Having 62^32 credentials is definitely interesting. Don’t know what to do with it yet though, ideas?
got the creds used them on f*p got nothing, still working on it.
Spoiler Removed
i have no idea what i have to do with those creds and an ftp service
Any random string of 32 characters works as the username and password for the ftp!
yup. ftp supports fxp too, don’t know what to do with any of this information though.
@charlesjameson where’d you find those other creds? Can’t find anything else other than the 32chars for ftp on the page
from the show ‘the it crowd’
@rowra said:
yup. ftp supports fxp too, don’t know what to do with any of this information though.
@charlesjameson where’d you find those other creds? Can’t find anything else other than the 32chars for ftp on the page
Can’t seem to log in to FTP with provided creds?
Nevermind, I was trying to login to SFTP
I found some open ports by doing an f*p attack, but I don’t know how to benefit from that. Can someone give a nudge on what to do next?
Are others getting FTP command timeouts (even after apparently successful login, seen by looking at traffic, raw ftp commands, or curl -v flag)…
Also, not seeing anything beyond the index page on 80/tcp going light with gobuster so as to not hammer the box…
Hrm.^H
Edit: Ah, passive, you deceiver you.
found access to ftp
Could somebody give hints about next step after ftp?
As any 32 chars username and password is valid i’m wondering if some user left something interesting in some account folder… but which one?
I think it’s something about passive and fxp maybe.
Cool, I lol-ed so hard when i saw the IT crowd reference.
Got user last night… working on root (it’s about building a good dict, right?)
A tip for user: the web page has details on what to try… check that 60%
@julianjm said:
Got user last night… working on root (it’s about building a good dict, right?)
A tip for user: the web page has details on what to try… check that 60%
I was wondering the same, incomplete things are always exploitable, but didn’t find more details about Du**-**ck. Can you help me in the right direction?
Thanks in advance.
Do we need to get an IPv6 address somehow?