Ftp

ServMon is an easy windows machine, Getting user is by exploiting Local File Inclusion from the website and get user password from his desktop and Privilege Escalation is by exploiting NSClient++ and …

We are going to pwn Access from Hack The Box. Link: https://www.hackthebox.eu/home/machines/profile/156 Let’s Begin with our Initial Nmap Scan. Nmap Scan Results: PORT STATE SERVICE VERSION 21/tcp open ftp Microsoft ftpd | ftp-anon: Anonymous FTP login allowed (FTP code 230) |_Can't get directory listing: PASV failed: 425 Cannot open data connection. | ftp-syst: |_ SYST: Windows_NT …

We are going to pwn Netmon from Hack The Box. Link : https://www.hackthebox.eu/home/machines/profile/177 Let’s Begin with our Initial Nmap Scan. Nmap Scan Results: PORT STATE SERVICE VERSION 21/tcp open ftp Microsoft ftpd 80/tcp open http PRTG/18.1.37.13946 |_http-server-header: PRTG/18.1.37.13946 135/tcp open msrpc? 139/tcp open netbios-ssn? 445/tcp open microsoft-ds? Warning: OSScan …

creds.txt

So anonymous is having log.txt in /backups which is readable.

Hack The Box - ServMon

Hack The Box - Access

Hack The Box - Netmon

Vulnhub - Djinn

Vulnhub - Symfonos 2