Web
Nmap discovered a Web server on the target port 242
The running service is Apache httpd 2.2.21 ((Win32) PHP/5.3.8)
/Practice/AuthBy/2-Enumeration/attachments/{F9555A24-11E9-46B9-AD5B-1223135F1E81}.png)
/Practice/AuthBy/2-Enumeration/attachments/{F12A6320-380C-41B6-A6C1-11A15B151010}.png)
Webroot
While it uses the basic HTTP authentication, there is an interesting text to the Basic Real in the WWW-Authentication header
/Practice/AuthBy/2-Enumeration/attachments/{249E7785-8C26-4374-8FBD-F217EA0FA15A}.png)
Riddle?
Authentication
/Practice/AuthBy/2-Enumeration/attachments/{9E4DAE31-73AB-4A86-8225-13AFCB7008E8}.png)
Using the cracked credential of the offsec user
/Practice/AuthBy/2-Enumeration/attachments/{F8C6C70C-597B-4DA3-A7D9-648225C44775}.png)
Authenticated
I am able to upload files to the web root directory of the FTP server
Moving on to Exploitation phase