📝 Final Report & Lessons Learned

1. Executive Summary

Crocodile is a Tier 1 machine that demonstrates the danger of misconfigured services (anonymous FTP) and the impact of storing sensitive information in publicly accessible areas. It also highlights the importance of directory bursting during web enumeration.

2. Key Takeaways

Technical takeaways: Always check for anonymous service logins. Directory bursting is essential when a web app’s landing page seems static.
Strategic takeaways: Information leak in one service (FTP) can lead to complete compromise of another (Web).

3. Remediation

Disable Anonymous FTP Login: Ensure all FTP users are authenticated.
Remove Sensitive Files: Never store credential lists or configuration files in accessible service directories.
Secure Web Directories: Use .htaccess or similar server configurations to hide administrative portals or limit access via IP/authentication.

4. Skills Gained

Anonymous FTP enumeration
FTP file exfiltration
Directory bursting with Gobuster
Web credential stuffing/reuse
Using extensions (-x php,html) in Gobuster

Operations

🏆 Back to HTB Dashboard →

🛡️ Cyber with KT Vault

Explorer

07_Lessons_Learned

📝 Final Report & Lessons Learned

1. Executive Summary

2. Key Takeaways

3. Remediation

4. Skills Gained

Graph View

Table of Contents

Backlinks