Hack The Box: FAWN Writeup

Abdullah Hamza
3 min read · Oct 22, 2024


The FAWN machine is the second challenge in Tier 0 of Hack The Box’s Starting Point series.

To get started with the FAWN machine on Hack The Box, you just need to hit the “Spawn Machine” button. This will boot up the target system.

Start machine

Once the target machine is up and running, the next step is to ensure we have a working connection to it. We can do this by pinging the target IP from our attack machine. This simple check confirms whether our machine can communicate with the target. In my case the ping is successful, so the connection is established.

Checking Connection

Let’s begin with an Nmap scan. Use the following command to scan the target IP address.

nmap -A 10.129.1.14

The above command initiates an aggressive scan of the target IP. In this scan, Nmap performs several actions:

  • OS detection: Attempts to identify the operating system running on the target machine.
  • Version detection: Determines the software versions of services running on open ports.
  • Script scanning: Runs Nmap’s default scripts to gather additional information about vulnerabilities or configurations.
  • Traceroute: Maps out the network path to the target.

nmap scan results

The scan results indicate that the target system is running an FTP service on port 21 and a Linux-based operating system. Notably, the aggressive scan reveals that anonymous FTP connections are permitted. So, we can log in to the FTP service by using the following command:

ftp 10.129.1.14

We can use anonymous as both the login and the password.

Anonymous ftp login successful
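
Seen from the defender's side, the scan finding above is something to audit for on your own servers. The following is an added example, not part of the original writeup: it parses saved `nmap -A` output and lists every host and port where Nmap's ftp-anon script reported anonymous login, together with the files it exposed. The sample report, its addresses and the function name find_anonymous_ftp are constructed for illustration.

```python
import re

# Constructed sample of `nmap -A` normal output (not taken from the original page).
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT   STATE SERVICE VERSION
21/tcp open  ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r--    1 0        0              32 Jun 04  2021 flag.txt
Nmap scan report for 192.0.2.11
PORT   STATE SERVICE VERSION
21/tcp open  ftp
22/tcp open  ssh
Nmap scan report for files.example.test (192.0.2.12)
PORT     STATE SERVICE VERSION
2121/tcp open  ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| drwxr-xr-x    2 0        0            4096 Jan 01  2024 pub
|_-rw-r--r--    1 0        0             120 Jan 01  2024 backup.cfg
"""

HOST = re.compile(r"^Nmap scan report for (.+)$")
PORT = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)")
ANON = re.compile(r"^\|[ _]ftp-anon: Anonymous FTP login allowed")
# Directory-listing line emitted by ftp-anon: permissions ... name
ENTRY = re.compile(r"^\|[ _]?([d-][rwxsStT-]{9})\s.*\s(\S+)$")

def find_anonymous_ftp(report):
    """Return [{'host', 'port', 'files'}] for every port where ftp-anon fired."""
    findings, host, port, current = [], None, None, None
    for line in report.splitlines():
        if m := HOST.match(line):
            host, port, current = m.group(1), None, None
        elif m := PORT.match(line):
            port, current = int(m.group(1)), None
        elif ANON.match(line) and host and port:
            current = {"host": host, "port": port, "files": []}
            findings.append(current)
        elif current is not None and (m := ENTRY.match(line)):
            current["files"].append(m.group(2))
        elif not line.startswith("|"):
            current = None  # script output for this port has ended
    return findings

if __name__ == "__main__":
    for f in find_anonymous_ftp(SAMPLE):
        print(f"{f['host']}:{f['port']} allows anonymous FTP, exposes {f['files']}")
```

Each finding is a server to review: disable anonymous login, or confirm that the listed files are meant to be public.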

We’ve successfully logged into the target system through the FTP service. Now, let’s list the available files using the ls command. The listing shows our desired file: flag.txt.

listing files

Now, let’s download the file to our attack machine using the get command.

get flag.txt

downloading flag.txt

We’ve successfully downloaded the flag file. Now, let’s exit the FTP session and verify that the file is on our attack machine by using the ls command. We can see that we have the file.

verifying downloaded file

To view the contents of the flag.txt file, we can use the cat command, as shown below. And just like that—BOOM! We have our desired flag.

captured flag

Submit the captured flag and answer the questions on the box page. Since the questions are straightforward and we’ve already covered everything in the steps explained above, there’s no need to provide detailed responses here. Simply refer back to our earlier findings to complete the challenge successfully.

Answered questions on box page

CONGRATULATIONS!!! The FAWN box is completed!

This walkthrough finishes here. Stay tuned for the next adventure! 🚀😊
