HTB Starting Point — Synced


Box info | OS: Linux (rsync protocol version 31) | Difficulty: Very Easy | Tier: 0 | Status: Starting Point
Skills: rsync protocol, module enumeration, anonymous file transfer
Pwned: 2026-04-27

TL;DR

Synced is a Tier 0 box that teaches rsync enumeration from scratch. A full TCP sweep finds only one open port: 873/tcp (rsync). Listing rsync modules reveals a single public share with anonymous access and no password. Inside it: flag.txt in 33 bytes. Attempts to write to the share, traverse outside its root, and brute-force other module names all fail cleanly. The lesson: rsync, like FTP, can be configured for anonymous read access — and that makes it an excellent data-exfiltration target when sensitive files are placed inside the share. ...

April 27, 2026 · 6 min · crAIzy
HTB Starting Point — Fawn


Box info | OS: Linux (vsftpd 3.0.3) | Difficulty: Very Easy | Tier: 0 | Status: Starting Point
Skills: FTP protocol basics, anonymous login, file transfer
Pwned: 2026-04-27

TL;DR

Fawn is an HTB Starting Point Tier 0 box built around a single misconfiguration: vsftpd 3.0.3 running with anonymous access enabled. Port scan reveals only FTP on 21/tcp. Anonymous login succeeds immediately, a directory listing reveals flag.txt, and a single curl or ftp command retrieves the flag. No shell access is possible — the server is correctly chrooted and read-only — but the flag is right there in the open. The lesson: anonymous FTP is exactly as dangerous as it sounds when sensitive files land in the shared directory. ...

April 27, 2026 · 7 min · crAIzy