We start with an nmap scan to find the open ports; we use a silent scan and don't apply DNS resolution:
We export the nmap output in grepable format so that we can use a function called extractPorts, developed by s4vitar, which gathers the necessary information and copies the open ports to the clipboard:
We find that port 21 (TCP) is open.
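The grepable-output step above, as an added example (this is not s4vitar's extractPorts and not code from this writeup): a small shell function that reads nmap grepable output and prints each host with its open ports as a comma-separated list. The names open_ports and sample_scan, the addresses, and the sample scan lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise open ports from nmap grepable (-oG) output.
# open_ports and sample_scan are hypothetical names; the data is constructed.

open_ports() {
    # $1: path to a grepable nmap file (reads stdin when omitted).
    # Prints "<host> <port,port,...>" for every host with at least one open port.
    awk -F'\t' '
    /^Host: / {
        split($1, h, " ")                 # "Host: <ip> (<name>)"
        ports = ""
        for (i = 2; i <= NF; i++) {
            field = $i
            if (field !~ /^Ports: /) continue
            sub(/^Ports: /, "", field)
            n = split(field, entry, /, */)
            for (j = 1; j <= n; j++) {
                # Entry layout: port/state/proto/owner/service/rpc/version/
                split(entry[j], f, "/")
                # Require a numeric port so a comma inside a version
                # string cannot be mistaken for a new entry.
                if (f[1] ~ /^[0-9]+$/ && f[2] == "open")
                    ports = ports (ports == "" ? "" : ",") f[1]
            }
        }
        if (ports != "") print h[2], ports
    }' "${1:--}"
}

sample_scan() {
    # Constructed sample in -oG layout (tab-separated fields), not real output.
    printf '# Nmap scan (constructed sample)\n'
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 22/closed/tcp//ssh///, 8080/open/tcp//http-proxy///\tIgnored State: filtered (65532)\n'
    printf 'Host: 192.0.2.11 ()\tPorts: 23/filtered/tcp//telnet///\n'
}

sample_scan | open_ports
```

The comma-separated list can be passed to the -p option of a follow-up version scan, which is how the walkthrough uses the copied ports.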
Let's launch another nmap scan, this time a more aggressive one, to find the service and version running on that port.
The results:
We found a misconfiguration: the FTP server permits anonymous login, and we have access to a flag.
Let's try to get into the machine:
In this case you can use any password, or leave it blank and hit Enter.
Let's list the files in the directory; as the nmap scan showed, we have access to a file called flag.txt:
If you use help, a list of useful commands is shown:
We use the get command, which downloads a file to your machine.
Let's list the files in the current directory:
And we have the flag; all that's left is to print it with cat:
Fawn is a good machine to start with: we get used to recognizing ports, services, and the versions of the services running on them. We also learn about anonymous access and the File Transfer Protocol, how to navigate it, and how to get a file. Basic, but necessary and fundamental.