2 http

Enumerating ftp

Using wget -m --no-passive ftp://access.htb to download all files

`backup.mdb`

mdbtools-documentation [link](documentation https://github.com/mdbtools/mdbtools#utils)

backup.mdb is a Microsoft Access Database file which can be analyzed using mdb-tools. Enumerating shows saved plaintext passwords.

{
  "id": 25,
  "username": "admin",
  "password": "admin",
  "Status": 1,
  "last_login": "08/23/18 21:11:47",
  "RoleID": 26
},
{"id": 27, "username": "engineer", "password": "access4u@security", "Status": 1, "last_login": "08/23/18 21:13:36", "RoleID": 26
},
{
"id": 28, "username": "backup_admin", "password": "admin", "Status": 1, "last_login": "08/23/18 21:14:02", "RoleID": 26
}

`Access Control.zip`

File is a zip archive data. Using unzip returns an error. Googling this error shows a solution to use 7zip. Using password access4u@security.

Solution: Compression method 99 error indicates the AES (Adavance Encryption Standard) encryption. Unfortunately, This encryption standard is currently not supported by unzip binary. However, 7zip package can be used to extract such files

`Access Control.pst`

`Access Control.mbox`

Previous3 telnet Next1 recon

Last updated 3 years ago