Enumeration
As usual let's start with nmap:
nmap -sV IPReplace IP by the IP of the target machine (Meow)
Note: The IP of your target machine will change all the time, make sure your replace IP in the command above by the target machine's IP. You can find the target's IP directly from your hack the box account.
Use the -sV switch that stands for Service Version detection switch.
We find that port 23, which is associated with telnet, is open on the target machine. Let's now try to telnet to the target.
We first need to install telnet on our VM. To install telnet, type:
sudo apt install telnet
When telnet installation is finished, we can telnet to the target machine using:
telnet 10.129.229.175
Foothold
Sometimes administrators use very common username and passwords. Let's see if that's the case here.
Let's try username admin and password admin for instance:
Let's try username administrator and password administrator for instance
Let's try root as username
We are in! And we were not even asked for a password!
Let's list the files in our current directory by typing:
ls
We can see a file called flag.txt.
Type:
cat flag.txt
Congratulations! You got the flag!