Firstly, let's check for open ports and additional information. Exchange ip with the machines actual IP address.
nmap -v -sV -sC ip
The output should include something like this:
PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.3
Let's login to the ftp.
Type in the username "anonymous". You should be logged in now. Let's list the directories and files:
Let's download the two files:
get allowed.userlist get allowed.userlist.passwd
And close the ftp connection
Time to check the files:
aron pwnmeow egotisticalsw admin
root Supersecretpassword1 @BaASD&9032123sADS rKXM59ESxesUFHAd
Now it's time to brute force the directories with GoBuster and look for the .php file that will provide the opportunity to authenticate to the web service. Don't forget to exchange ip with the machines IP address:
gobuster dir --url http://ip/ --wordlist /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -x php,html
It is obviously "login.php". Now, copy the machines IP address into a web browser and add /login.php to the end of it. Then type in the credentials that we discovered previously.
Username: admin Password: rKXM59ESxesUFHAd