Fawn Walkthrough | HackTheBox

We’re a hub for tech professionals looking to advance & optimize their IT Infrastructure by finding the perfect product, tool, or role. Learn more about us. If you don’t see a product you are looking for on our website you can send us feedback 🙂

CarlosRecruits Icon

This is a simple walkthrough for completing the Fawn target machine in Hackthebox.com.

Task 1

Question: What does the 3-letter acronym FTP stand for?

Answer: File Transfer Protocol

Task 2

Question: What communication model does FTP use, architecturally speaking?

Answer: Client-Server Model

Task 3

Question: What is the name of one popular GUI FTP program?

Answer: Filezilla

Task 4

Question: Which port is the FTP service active on usually?

Answer: 21 TCP

Task 5

Question: What acronym is used for the secure version of FTP?

Answer: SFTP

Task 6

Question: What is the command we can use to test our connection to the target?

Answer: ping

Task 7

Question: From your scans, what version is FTP running on the target?

Answer: vsFTPd 3.0.3

Task 8

Question: From your scans, what OS type is running on the target?

Answer: Unix

Submit Flag

From the box tags, we can see there are three tags which are ‘Linux’, ‘FTP’, and ‘Account Misconfiguration’. First we can confirm FTP is open by running the following command:

nmap -p21 -A

From the above scan, we can confirm FTP is open and running on TCP port 21. We can also confirm from the information in the scan that anonymous FTP login is allowed. FTP is an insecure protocol, thus why SFTP is used for secure connections. FTP does not use encryption for anything. Login credentials like your username and password, as well as the data you download or upload, are transferred in clear text.

Although FTP is an insecure connection and sniffing the packets will reveal the contents, using it internally such as at home is perfectly fine. Transferring data via the internet with FTP is not recommended.

Let’s try and connect using ftp to the remote host. To do this, simply type ftp followed by the IP of the host. If you are getting an error that says ftp command not found, you might not have ftp installed. On a debian based system run:

Install FTP

sudo apt install ftp

Connect Via FTP


Once you run the command to ftp to the host, you will be prompted to enter the username. The default login username most systems will be ‘anonymous’. When prompted to enter the password, you can just press enter and it will grant you access without a password.

The following screenshot shows a successful login with the username anonymous. You can see what files are available with the ‘ls’ command as shown below.

As you can see, the flags.txt file is available and this is what we are looking for.

To obtain this file, you can run the ‘get’ command followed by the name of the file as shown below. The file will be downloaded in your home directory.

You can use the file explorer to navigate to your home directory or the command line and the flag.txt file will be in there.

CarlosRecruits.com is an independent recruitment website launched in 2023 on a mission to match impactful people with meaningful organizations

Hi! My name is Carlos and I’ve been working in tech for the past 9 years.

I built this website to share my passion for recruitment and tech.

Clicking the heart tells me what you enjoy reading. Social sharing is appreciated (and always noticed).

That’s it. That is my pitch for you to stick around (or browse the site as you please).

If you want to get in contact with me, reach out to me via my socials 🙂

“Think of me as the ‘Consumer Reports’ for Impactful Talent.”

Exclusive insights on roles directly in your inbox.