HTB-Meow-Writeup

The First Writeup at HTB

check whether you can reach the machine. To test this, ping the target’s IP address using

Now Let’s Use Nmap

we have identified port 23/tcp in an open state, running the
telnet service .

can see this is the case for our target, as we are met with a Hack The Box banner and a request from the
target to authenticate ourselves before being allowed to proceed with remote management of the target
host.

can see this is the case for our target, as we are met with a Hack The Box banner and a request from the
target to authenticate ourselves before being allowed to proceed with remote management of the target
host.
We will need to find some credentials that work to continue since there are no other ports open on the
target that we could explore.

can see this is the case for our target, as we are met with a Hack The Box banner and a request from the
target to authenticate ourselves before being allowed to proceed with remote management of the target
host.
We will need to find some credentials that work to continue since there are no other ports open on the
target that we could explore.
Foothold
Sometimes, due to configuration mistakes, some important accounts can be left with blank passwords for
the sake of accessibility. This is a significant issue with some network devices or hosts, leaving them open to
simple brute-forcing attacks, where the attacker can try logging in sequentially, using a list of usernames
with no password input.
Some typical important accounts have self-explanatory names, such as:
. admin
. administrator
. root
A direct way to attempt logging in with these credentials in hopes that one of them exists and has a blank
password is to input them manually in the terminal when the hosts request them. If the list were longer, we
could use a script to automate this process, feeding it a wordlist for usernames and one for passwords.
Typically, the wordlists used for this task consist of typical people names, abbreviations, or data from
previous database leaks. For now, we can resort to manually trying these three main usernames abov

The first two were not so lucky for us. When things look down, it is essential to keep going, be persistent. We
can’t succeed unless we attempt all possibilities. Let us try the last one.

The first two were not so lucky for us. When things look down, it is essential to keep going, be persistent. We
can’t succeed unless we attempt all possibilities. Let us try the last one.
Success! We have logged into the target system. We can now go ahead and take a look around the directory
we landed in using the ls command. There is a possibility we might find what we are looking for.

Answers For Tasks

Have A nice Day