Zetta

Starting the discussion. Who’s ready for this?

Ready, steady go! But not sure if it is a rabbit hole :wink:

is that bounce back the right way to go

Having 62^32 credentials is definitely interesting. Don’t know what to do with it yet though, ideas?

got the creds used them on f*p got nothing, still working on it.

Spoiler Removed

i have no idea what i have to do with those creds and an ftp service

Any random string of 32 characters works as the username and password for the ftp!

yup. ftp supports fxp too, don’t know what to do with any of this information though.

@charlesjameson where’d you find those other creds? Can’t find anything else other than the 32chars for ftp on the page

google :slight_smile:

from the show ‘The IT Crowd’

@rowra said:
yup. ftp supports fxp too, don’t know what to do with any of this information though.

@charlesjameson where’d you find those other creds? Can’t find anything else other than the 32chars for ftp on the page

Can’t seem to log in to FTP with provided creds?
Never mind, I was trying to log in to SFTP

i find some open ports by doing f*p attack, but i don’t know how to benefit from that, can someone give a nudge on what to do next??

Are others getting FTP command timeouts (even after apparently successful login, seen by looking at traffic, raw ftp commands, or curl -v flag)…

Also, not seeing anything beyond the index page on 80/tcp going light with gobuster so as to not hammer the box…

Hrm.^H

Edit: Ah, passive, you deceiver you.

found access to ftp
Could somebody give hints about next step after ftp?

As any 32 chars username and password is valid i’m wondering if some user left something interesting in some account folder… but which one?

I think it’s something about passive and fxp maybe.

Cool, I lol-ed so hard when i saw the IT crowd reference.

Got user last night… working on root (it’s about building a good dict, right?)

A tip for user: the web page has details on what to try… check that 60%

@julianjm said:

Got user last night… working on root (it’s about building a good dict, right?)

A tip for user: the web page has details on what to try… check that 60%

I was wondering the same, incomplete things are always exploitable, but didn’t find more details about Du**-**ck. Can you help me in the right direction?
Thanks in advance.

Do we need to get an IPv6 address somehow?