# Crocodile

## Resolution summary
- Anonymous login to FTP revealed login credentials
- Login credentials allowed access to dashboard on web app
## Improved skills
- Utilizing found credentials for other services
## Used tools
- nmap
- gobuster
- Browser
## Information Gathering

### Nmap Scan
### 10.129.90.181
| Port | State | Service | Version |
|------|-------|---------|---------|
| 21/tcp | open | ftp | |
| 80/tcp | open | http | |
## Enumeration

### Port 21 - FTP

Port 21 had anonymous login enabled. Retrieved all the files from the share and found credentials in them.
### Port 80 - HTTP

A web app was found on port 80.

Ran gobuster to enumerate directories. Only `assets` and `dashboard` looked relevant. The assets folder had nothing really interesting, but it could be revisited if needed.

Requesting `dashboard` redirected to a login page; the credentials found during FTP enumeration were used to log in.
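The chain above (anonymous FTP download of a credential file, then a web login from the same source using those credentials) leaves a recognisable trace in server logs. The following is an added detection example, not part of this writeup and not from the box: it parses constructed vsftpd-style and Apache-style log lines, flags anonymous FTP downloads, and correlates them with a later successful login POST from the same client IP. The log lines, IP addresses, file names, the `/login` path, the use of a 302 response as the "successful login" signal, and the one-hour window are all assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines (not from the box). vsftpd logs anonymous
# sessions under the user name "ftp" and records downloads as DOWNLOAD events.
FTP_LOG = """\
Mon Jan  8 10:02:11 2024 [pid 2] CONNECT: Client "10.10.14.5"
Mon Jan  8 10:02:14 2024 [pid 1] [ftp] OK LOGIN: Client "10.10.14.5", anon password "?"
Mon Jan  8 10:02:20 2024 [pid 3] [ftp] OK DOWNLOAD: Client "10.10.14.5", "/backup/userlist.txt", 33 bytes, 12.34Kbyte/sec
Mon Jan  8 10:02:25 2024 [pid 3] [ftp] OK DOWNLOAD: Client "10.10.14.5", "/backup/passwords.txt", 62 bytes, 10.00Kbyte/sec
Mon Jan  8 10:05:00 2024 [pid 1] [bob] OK LOGIN: Client "10.10.14.9"
"""

# Constructed Apache combined-format access log lines (not from the box).
WEB_LOG = """\
10.10.14.5 - - [08/Jan/2024:10:06:40 +0000] "GET /login HTTP/1.1" 200 1540 "-" "Mozilla/5.0"
10.10.14.5 - - [08/Jan/2024:10:07:31 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.10.14.5 - - [08/Jan/2024:10:07:32 +0000] "GET /dashboard HTTP/1.1" 200 8921 "-" "Mozilla/5.0"
10.10.14.9 - - [08/Jan/2024:10:09:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/8.0"
"""

FTP_LINE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] \[(?P<user>[^\]]+)\] '
    r'OK (?P<action>LOGIN|DOWNLOAD): Client "(?P<ip>[\d.]+)"(?:, "(?P<path>[^"]+)")?'
)
# The time zone is dropped; both logs are assumed to be written in UTC.
WEB_LINE = re.compile(
    r'^(?P<ip>[\d.]+) \S+ \S+ \[(?P<ts>[^ \]]+) [^\]]+\] '
    r'"(?P<method>\w+) (?P<path>\S+) [^"]+" (?P<status>\d{3})'
)


def parse_ftp(log):
    """Return LOGIN/DOWNLOAD events from vsftpd-style log text."""
    events = []
    for line in log.splitlines():
        m = FTP_LINE.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
                "user": m["user"], "action": m["action"],
                "ip": m["ip"], "path": m["path"],
            })
    return events


def parse_web(log):
    """Return request events from Apache combined-format log text."""
    events = []
    for line in log.splitlines():
        m = WEB_LINE.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S"),
                "ip": m["ip"], "method": m["method"],
                "path": m["path"], "status": m["status"],
            })
    return events


def anonymous_downloads(ftp_events):
    """Every file fetched over an anonymous (user 'ftp') session."""
    return [e for e in ftp_events if e["user"] == "ftp" and e["action"] == "DOWNLOAD"]


def correlate(ftp_events, web_events, window=timedelta(hours=1)):
    """One alert per successful login POST preceded, within `window`, by an
    anonymous FTP download from the same client IP."""
    downloads = anonymous_downloads(ftp_events)
    alerts = []
    for w in web_events:
        # Assumption: a 302 on POST /login is the app's "login succeeded" redirect.
        if not (w["method"] == "POST" and w["path"].startswith("/login") and w["status"] == "302"):
            continue
        files = [d["path"] for d in downloads
                 if d["ip"] == w["ip"] and timedelta(0) <= w["ts"] - d["ts"] <= window]
        if files:
            alerts.append({"ip": w["ip"], "login_at": w["ts"], "files": files})
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_ftp(FTP_LOG), parse_web(WEB_LOG)):
        print(f"{a['ip']} logged in at {a['login_at']} after anonymously fetching {a['files']}")
```

In the sample data only 10.10.14.5 triggers an alert: 10.10.14.9 also logs into the web app, but its FTP session was authenticated and downloaded nothing, so the correlation stays quiet. The simplest mitigation the same logs point at is disabling anonymous FTP (and not storing credential files on the share at all), after which the `[ftp]` anonymous events disappear entirely.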
## Exploitation

### Credential List Exposure

A credential list exposed through anonymous FTP was used to log into the web application and retrieve the flag.

### Lateral Movement to user

Not necessary for the flag.

### Privilege Escalation

Not necessary for the flag.