Port enumeration

I found 2 services open, ftp and http. 075720acd63c76b05c382a719efb010a.png

FTP enumeration

The anonymous user is enabled, so, I log in the ftp server.

ftp -p 10.129.32.188 21

ff6c139341a961bbba58060c1dfefa8a.png Inside the ftp server, I found 2 files. 26b39ee896e157d8120596d8ec5d919e.png These files are cordlists of users and passwords. 98065c8749855aa674c29c6ac2a42fb3.png

Web enumeration

The main http page doesn't have anything interesting. 6080fdeea8bf3647ffd02641ce064fc1.png Using ffuf I found a login page.

ffuf -y /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -r .php -u http://10.129.32.188/FUZZ
login.php

Here I found a login form. 3c194e5fa210c4cc6e5454a036a2ebaa.png Using the credentials obtained in the ftp server, I'm able to log ass admin and obtain the flag. b5cbecc38c6571e8816c578d78f73547.png