As usually start off scanning with snap. The IP for my remote box is

nmap -sV

As shown below, ports 445/TCP and 3389/TCP are open. I’ll go ahead and try RDP into the box to “check the front door”. xfreerdp is a linux tool that established RDP connections.

/cert: Specifies to the scrips that all security certificate usage should be ignored.

/u: Specifies the login username.

/v:{target_IP} : Specifies the target IP.

I tried multiple combinations of usernames and passwords. Administrator with no password worked!

Xfreerdp /cert:ignore /u:Administrator /v:



File transfer protocol uses the client-server model. Filezilla is a popular gui FTP program. FTP is usually active on port 21 TCP. SFTP is the secure version of FTP.

As usual I start with an nmap scan.

nmap -A

The nmap scan shows port 21 TCP open, version vsftpd 3.0.3. Anonymous login is allowed and shows flag.txt available. The anonymous logon is typically a misconfiguration that allows login with any password because the FTP service will disregard it.

Connect to the ftp service with the ftp command. Enter anonymous as the username and enter whatever password you’d like.