Ftp

HTB STARTING POINT · Tier 1

Funnel

Anonymous FTP leaks credentials; SSH login reveals a PostgreSQL container reachable via local port forwarding — the flag is a database row.…

April 28, 2026 · 6 min · crAIzy
FTP AnonymousPostgreSQL Tunnel

HTB STARTING POINT · Tier 1

Crocodile

Anonymous FTP drops a credentials file; those credentials unlock an HTTP admin panel — two individually boring findings combine into a full chain.…

April 28, 2026 · 5 min · crAIzy
FTP Brute-forceDirectory Busting

HTB STARTING POINT · Tier 0

Fawn

Anonymous FTP on vsftpd 3.0.3 — the misconfiguration is intentional, the lesson is recognising anonymous bind and scripting retrieval.…

April 27, 2026 · 5 min · crAIzy
FTP Anonymous

HTB STARTING POINT · Tier 2

Vaccine

Anonymous FTP yields a ZIP cracked with john. The PHP login is SQL-injectable. pg_dump in a sudo rule lets vi escape to root — classic sudo abuse.…

April 27, 2026 · 4 min · crAIzy
SQLi Auth BypassSudo Abuse