
HTB Fawn Walkthrough [Tier 0]: Learning FTP Enumeration and Anonymous Login

This walkthrough covers the retired Hack The Box Tier 0 machine Fawn. The objective is to learn basic service enumeration, FTP fundamentals, and anonymous authentication.

Security Researcher passionate about DFIR, Network Security, Web Security, and Vulnerability Assessment.

Introduction

Fawn is one of the introductory Hack The Box machines designed for beginners. It focuses on a commonly exposed service: FTP (File Transfer Protocol).

By completing this machine, you'll learn:

  • Basic network reconnaissance

  • Service enumeration with Nmap

  • FTP fundamentals

  • Anonymous FTP authentication

  • Retrieving files from an FTP server

Difficulty: Tier 0 (Beginner)


Reconnaissance

Before interacting with the target, I verified connectivity using ICMP.

ping 10.129.211.204

A reply confirms that the target is reachable on the network. The absence of a reply would not prove the opposite, since ICMP is frequently filtered.

Next, I performed service enumeration using Nmap with its default scripts (-sC) and version detection (-sV).

nmap -sC -sV 10.129.211.204

Output:

PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r--    1 0        0              32 Jun 04 2021 flag.txt
Service Info: OS: Unix

The scan immediately reveals several important details:

  • FTP is running on port 21

  • The service version is vsftpd 3.0.3

  • Anonymous login is enabled

  • A file named flag.txt is accessible

  • The target is running a Unix-based operating system

At this point, enumeration has already provided the path to the flag.


Understanding FTP

FTP stands for File Transfer Protocol.

It is used to transfer files between systems across a network. One important characteristic of traditional FTP is that data and credentials are transmitted in plaintext.

Modern environments often prefer SFTP (SSH File Transfer Protocol), a separate protocol that runs over SSH and therefore encrypts both credentials and data in transit.


Connecting to the FTP Service

Since anonymous access is allowed, I connected using the FTP client.

ftp 10.129.211.204

Login:

Name: anonymous
Password: anonymous

After successful authentication, the server responds with:

230 Login successful

Common FTP response codes include:

Code   Meaning
220    Service ready
331    Username accepted, password required
230    Login successful
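To make the USER/PASS exchange and the reply codes above concrete, here is an added Python example (not part of the original walkthrough) that models the client side of an anonymous login against a scripted stand-in for the server. The stand-in and its reply texts are constructed, and the reply parser also handles the multi-line banners that real servers often send.

```python
import re

# Added example, not code from the original walkthrough: a scripted model of
# the FTP control-channel login exchange (220 -> USER -> 331 -> PASS -> 230).
# The server stand-in and its reply strings below are constructed.

REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_reply(raw):
    """Return (code, text) for one RFC 959 reply. A hyphen after the code
    starts a multi-line reply that ends at a line beginning with 'NNN '."""
    lines = raw.splitlines()
    m = REPLY_RE.match(lines[0]) if lines else None
    if not m:
        raise ValueError(f"malformed reply: {raw!r}")
    code, sep, text = int(m.group(1)), m.group(2), m.group(3)
    if sep == " ":
        return code, text
    for i, line in enumerate(lines[1:], start=1):
        if line.startswith(f"{code:03d} "):
            body = [re.sub(rf"^{code:03d}-", "", l) for l in lines[1:i]]
            return code, " ".join([text, *body, line[4:]])
    raise ValueError("unterminated multi-line reply")

def anonymous_login(server):
    """Drive the anonymous USER/PASS exchange. `server` is a callable that
    takes a command (None for the banner) and returns the raw reply.
    Returns (logged_in, transcript) so the exchange can be reviewed/logged."""
    transcript = []
    code, text = parse_reply(server(None))
    transcript.append((None, code, text))
    if code != 220:
        return False, transcript
    for cmd, ok in (("USER anonymous", (230, 331)), ("PASS anonymous", (230,))):
        code, text = parse_reply(server(cmd))
        transcript.append((cmd, code, text))
        if code == 230:          # some servers accept USER alone
            return True, transcript
        if code not in ok:       # e.g. 530 when anonymous access is disabled
            return False, transcript
    return False, transcript

def scripted_vsftpd(cmd):
    """Constructed stand-in mimicking the vsftpd replies seen on Fawn."""
    replies = {None: "220 (vsFTPd 3.0.3)\r\n",
               "USER anonymous": "331 Please specify the password.\r\n",
               "PASS anonymous": "230 Login successful.\r\n"}
    return replies.get(cmd, "500 Unknown command.\r\n")
```

Swapping in a different scripted server (for example one that answers USER with 530) shows how the same client logic reports a refused anonymous login.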

Enumerating Available Files

After logging in, I listed the contents of the FTP directory.

ftp> ls

Output:

-rw-r--r-- 1 0 0 32 Jun 04 2021 flag.txt

The server exposes a single file, flag.txt.

Downloading the Flag

FTP uses the get command to download files.

ftp> get flag.txt

The file is transferred to the local machine.

To verify the contents:

cat flag.txt

Output:

035db21c881520061c53e0536e44f815

Machine completed.


Key Concepts Learned

FTP

A protocol used for transferring files across a network.

Port 21

The default port used by FTP servers.

Anonymous Login

A feature that allows users to authenticate without a traditional account.

Service Enumeration

The process of identifying services, versions, and configurations running on a target.

Nmap

A network scanner used to discover services and gather information about systems.


Tools Used

  • Nmap

  • FTP Client

  • Ping


Key Takeaways

Completing Fawn reinforced several important fundamentals:

  • Enumerate services before attempting exploitation.

  • Always check for anonymous FTP access.

  • Nmap scripting can reveal valuable information quickly.

  • Misconfigured file-sharing services can expose sensitive files.

  • Small findings during reconnaissance often lead directly to successful compromise.


Final Thoughts

Fawn is an excellent introduction to reconnaissance and service enumeration. While the machine is simple, it teaches an important lesson: thoroughly understanding exposed services can often be enough to achieve access without exploiting a vulnerability.