#readwise
# Fawn Write-up

![rw-book-cover](https://readwise-assets.s3.amazonaws.com/static/images/default-book-icon-7.09749d3efd49.png)

## Metadata
- Author: [[Hack The Box]]
- Full Title: Fawn Write-up
- Full Text: [[Fawn Write-up.pdf]]

## Highlights
**FTP can be easily misconfigured if not correctly understood. There are cases where an employee of the client company we are assessing might want to bypass file checks or firewall rules for transferring a file from themselves to their peers.** Considering the many different mechanisms for controlling and monitoring data flow within an enterprise network today, this scenario becomes a substantial and viable case we might meet in the wild. At the same time, FTP can be used to transfer log files from one network device to another or a log collection server. Suppose the network engineer in charge of handling the configuration forgets to secure the receiving FTP server properly or does not put enough importance on the information contained within the logs and decides to leave the FTP service unsecured intentionally. In that case, an attacker could gain leverage of the logs and extract all kinds of information from them, which can later be used to map out the network, enumerate usernames, detect active services, and more. (Page 1)

---

**The File Transfer Protocol (FTP) is a standard communication protocol used to transfer computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data connections between the client and the server. ... For secure transmission that protects the username and password and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP).** (Page 1) ^07z9x8

---

A port running an active service is a reserved space for the IP address of the target to receive requests and send results from. **If we only had IP addresses or hostnames, then the hosts could only do 1 task at a time. This means that if you wanted to browse the web and play music from an application on your computer simultaneously, you could not, because the IP address would be used for handling either the first or the latter, but not both at the same time.** By having ports, you can have one IP address handling multiple services, as it adds another layer of distinction. (Page 2) ^vksftl

---

it is considered non-standard for FTP to be used without the encryption layer provided by protocols such as SSL/TLS (FTPS) or SSH-tunneling (SFTP). **FTP by itself does have the ability to require credentials before allowing access to the stored files. However, the deficiency here is that traffic containing said files can be intercepted with what is known as a Man-in-the-Middle Attack** (MitM). (Page 3) ^ypqf2f

### Foothold
**A typical misconfiguration for running FTP services allows an anonymous account to access the service like any other authenticated user.** The anonymous username can be input when the prompt appears, followed by any password whatsoever since the service will disregard the password for this specific account. (Page 9) ^pzu1qi

---
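
The two weaknesses highlighted above (anonymous access and unencrypted transfer) can be checked for on the server side. The following is an added example, not part of the write-up: it assumes the server is vsftpd (the highlights do not name one), the rule ids are made up for illustration, and both sample configurations are constructed.

```python
# Added example: audit a vsftpd.conf body for anonymous access and missing TLS.
# Compiled-in defaults per the vsftpd.conf man page, used when a key is absent.
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO", "anon_upload_enable": "NO",
            "ssl_enable": "NO", "force_local_logins_ssl": "YES"}
TRUE_VALUES = {"YES", "TRUE", "1"}

def parse_conf(text):
    """Return effective settings: defaults overlaid with option=value lines."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return a list of (rule_id, message) findings for a vsftpd.conf body."""
    s = parse_conf(text)
    on = lambda k: s.get(k, "NO").upper() in TRUE_VALUES
    findings = []
    if on("anonymous_enable"):
        findings.append(("ANON_LOGIN", "anonymous login is accepted"))
        if on("write_enable") and on("anon_upload_enable"):
            findings.append(("ANON_UPLOAD", "anonymous users can upload files"))
    if not on("ssl_enable"):
        findings.append(("CLEARTEXT", "no TLS: credentials and files are sent unencrypted"))
    elif not on("force_local_logins_ssl"):
        findings.append(("CLEARTEXT_LOGIN", "TLS is optional for local logins"))
    return findings

WEAK = """# constructed sample: log-collection FTP server left open
listen=YES
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
"""

HARDENED = """# constructed sample: same server, corrected
anonymous_enable=NO
local_enable=YES
ssl_enable=YES
force_local_logins_ssl=YES
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

An empty configuration still produces findings, because the compiled-in default for `anonymous_enable` is YES and for `ssl_enable` is NO; distribution packages often ship a config file that overrides these.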