# HTB Fawn Walkthrough [Tier 0]: Learning FTP Enumeration and Anonymous Login

## Introduction

Fawn is one of the introductory Hack The Box machines designed for beginners. It focuses on a commonly exposed service: **FTP (File Transfer Protocol)**.

By completing this machine, you'll learn:

*   Basic network reconnaissance
    
*   Service enumeration with Nmap
    
*   FTP fundamentals
    
*   Anonymous FTP authentication
    
*   Retrieving files from an FTP server
    

Difficulty: **Tier 0 (Beginner)**

* * *

## Reconnaissance

Before interacting with the target, I verified connectivity using ICMP.

```bash
ping 10.129.211.204
```

This confirms that the target is reachable on the network.

Next, I performed service enumeration using Nmap.

```bash
nmap -sC -sV 10.129.211.204
```

Output:

```text
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r--    1 0        0              32 Jun 04 2021 flag.txt
Service Info: OS: Unix
```

The scan immediately reveals several important details:

*   FTP is running on port 21
    
*   The service version is **vsftpd 3.0.3**
    
*   Anonymous login is enabled
    
*   A file named `flag.txt` is accessible
    
*   The target is running a Unix-based operating system
    

At this point, enumeration has already provided the path to the flag.

* * *

## Understanding FTP

FTP stands for **File Transfer Protocol**.

It is used to transfer files between systems across a network. One important characteristic of traditional FTP is that data and credentials are transmitted in plaintext.

Modern environments often prefer:

**SFTP (SSH File Transfer Protocol)**

because it encrypts communications using SSH.

* * *

## Connecting to the FTP Service

Since anonymous access is allowed, I connected using the FTP client.

```bash
ftp 10.129.211.204
```

Login:

```text
Name: anonymous
Password: anonymous
```

After successful authentication, the server responds with:

```text
230 Login successful
```

Common FTP response codes include:

| Code | Meaning |
| --- | --- |
| 220 | Service ready |
| 331 | Username accepted, password required |
| 230 | Login successful |

* * *

## Enumerating Available Files

After logging in, I listed the contents of the FTP directory.

```text
ftp> ls
```

Output:

```text
-rw-r--r-- 1 0 0 32 Jun 04 2021 flag.txt
```

The server exposes a single file named:

```text
flag.txt
```

* * *

## Downloading the Flag

FTP uses the `get` command to download files.

```text
ftp> get flag.txt
```

The file is transferred to the local machine.

To verify the contents:

```bash
cat flag.txt
```

Output:

```text
035db21c881520061c53e0536e44f815
```

Machine completed.

* * *

## Key Concepts Learned

### FTP

A protocol used for transferring files across a network.

### Port 21

The default port used by FTP servers.

### Anonymous Login

A feature that allows users to authenticate without a traditional account.

### Service Enumeration

The process of identifying services, versions, and configurations running on a target.

### Nmap

A network scanner used to discover services and gather information about systems.

* * *

## Tools Used

*   Nmap
    
*   FTP Client
    
*   Ping
    

* * *

## Key Takeaways

Completing Fawn reinforced several important fundamentals:

*   Enumerate services before attempting exploitation.
    
*   Always check for anonymous FTP access.
    
*   Nmap scripting can reveal valuable information quickly.
    
*   Misconfigured file-sharing services can expose sensitive files.
    
*   Small findings during reconnaissance often lead directly to successful compromise.
    

* * *

## Final Thoughts

Fawn is an excellent introduction to reconnaissance and service enumeration. While the machine is simple, it teaches an important lesson: thoroughly understanding exposed services can often be enough to achieve access without exploiting a vulnerability.
