Meow - Very Easy

Tag : Telnet, Protocols, Reconnaissance, Weak Credentials, Misconfiguration

At first you have to connect VPN or starting pwn box on HTB platform to connect their local lab.

If you not familiar with connect to HTB via OpenVPN you can following this instruction Connect HTB VPN using OpenVPN

---

Walkthrough

After connect to local lab then click the "SPAWN MACHINE" button to start Meow box.

After initiating the machine, attempt to establish a connection with the target machine by using the "ping" command along with its IP address to ensure connectivity.

ping {target_IP} 
# Example : ping 10.129.1.17

You can stop the ping command by using "Ctrl + C". In the screenshot, it's evident that our machine is connected to the target machine.

Following that, we will employ Nmap to gather additional details about the target machine. Determining the open port will aid in identifying potential vulnerabilities for exploitation.

Nmap is a network scanning tool that helps discover devices and services on a computer network. It provides information about open ports, services, and operating systems, making it useful for network exploration and security auditing.

sudo nmap -sV {target_IP}
# Example : sudo nmap -sV 10.129.1.17

As we can see the port that open on our target machine is port 23 with telnet services

Telnet is a network protocol that allows one computer to connect to another for text-based communication. It operates over TCP or UDP, often on port 23. While it provides a remote terminal connection, it lacks encryption, making it insecure for sensitive information. SSH is a more secure alternative.

As telnet serves as a "remote terminal connection," it implies the ability to execute commands on the target machine through the network.

Try telnet with target IP Address on our terminal

telnet {target_IP}
# Example : telnet 10.129.1.17

Telnet requires a login. In this step, consider using standard and essential usernames like admin, administrator, or root. However, the correct username for this machine is "root," and I will input the accurate information for your convenience.

That's all. We can now attempt to execute commands to obtain the flag. Let's start with the 'ls' command to list files in our current directory. Upon finding that 'flag.txt' is present, we can use the 'cat' command to read the flag and obtain the answer.

ls
cat flag.txt

---

Answers

Task 1 : What does the acronym VM stand for?

Virtual Machine

Task 2 : What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN connection? It's also known as a console or shell.

terminal

Task 3 : What service do we use to form our VPN connection into HTB labs?

openvpn

Task 4 : What tool do we use to test our connection to the target with an ICMP echo request?

ping

Task 5 : What is the name of the most common tool for finding open ports on a target?

nmap

Task 6 : What service do we identify on port 23/tcp during our scans?

telnet

Task 7 : What username is able to log into the target over telnet with a blank password?

root

Submit root flag

b40abdfe23665f766f9c61ecba8a4c19