First we use nmap to scan for an open port (exchange ip with the actual ip address of the server)
nmap -Pn ip
The output should include something like
PORT STATE SERVICE 21/tcp open ftp
To get additional information:
sudo namp -sV ip
Relevant output:
PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.3 Service Info: OS: Unix
Let's try to connect with default credentials:
ftp ip
It will ask for a user name. We will try anonymous and no passwort (just hit enter). Output should include:
230 Login successful.
Let's list the directory's content
ls
The output should include
150 Here comes the directory listing. -rw-r--r-- 1 0 0 32 Jun 04 2021 flag.txt
We can download the flag with
get flag.txt
Then we can exit the ftp connection with
exit
And check if the flag was successfully downloaded with
ls
Then, if the flag.txt is there, display it:
cat flag.txt
Then copy and paste the string and submit the flag!