📝 Final Report & Lessons Learned

1. Executive Summary

Fawn is a Tier 0 machine in the HTB Starting Point path. It focuses on the exploitation of an insecurely configured FTP service that allows anonymous access, leading to the theft of sensitive data.

2. Key Takeaways

Technical takeaways: Service misconfigurations (like enabling anonymous access) are a low-hanging fruit for attackers.
Strategic takeaways: Information gathering (Nmap) directly points to the exploitation vector when services are misconfigured.

3. Remediation

Disable Anonymous Login: Modify the FTP configuration (e.g., vsftpd.conf) to set anonymous_enable=NO.
Access Control: Implement strong authentication and restrict access to authorized users only.
Use Secure Protocols: Consider using SFTP or FTPS to encrypt data in transit.

4. Skills Gained

FTP Service Identification
Anonymous Authentication
Using the FTP Command Line Client
Data Exfiltration Basics

Operations

🏆 Back to HTB Dashboard →

🛡️ Cyber with KT Vault

Explorer

07_Lessons_Learned

📝 Final Report & Lessons Learned

1. Executive Summary

2. Key Takeaways

3. Remediation

4. Skills Gained

Graph View

Table of Contents

Backlinks