Lab Objective: Meow is the first machine in the Starting Point series on Hack The Box. The goal is to build foundational skills in penetration testing by connecting to services like FTP, SFTP, SMB, Telnet, RSync, and RDP anonymously. We also learn tools such as Nmap, the Bash terminal, and how to communicate with machines and identify vulnerabilities.
Enumeration
Enumeration is the first and most critical step in penetration testing. It involves gathering information about the target system. Skipping this step can lead to missed vulnerabilities and wasted time.
I began by using ping [TARGET IP] to check if the host was reachable. It responded successfully. Since I was using Parrot OS and was unfamiliar with Linux commands, I learned that Ctrl + C cancels the ping, and -c allows you to specify the number of pings.
Nmap Scans
Nmap is a powerful network scanner used for host discovery and vulnerability assessment. I used two key commands:
sudo nmap -sV [IP Address]— scans for open ports and identifies service versions.sudo nmap -Pn [IP Address]— skips host discovery and assumes the host is up, useful when ICMP is blocked.
The scan revealed that Telnet was running on Port 23.
Establishing a Foothold
Telnet: Connecting to the Box
Telnet is a protocol used to connect to remote machines via a command-line interface. I used telnet [IP ADDRESS] and was prompted for a username and password. Knowing Telnet is unsecure, I tried common combinations like admin, administrator, and root — and it let me in.
I researched brute force attacks and learned that tools can automate login attempts. I also considered encoding Telnet traffic with base64, but discovered that Telnet transmits data in plain text — base64 is not encryption, it's easily decoded.
Inside Telnet, I typed help and ? to explore available commands. I used ls to list files and discovered:
ls -l— displays files in long list format.ls -a— includes hidden files.
I found a file named flag.txt. Using cat flag.txt, I retrieved the hash value to complete the room.
Final Thoughts
- How to identify and connect to services using Nmap and Telnet.
- The importance of enumeration before touching anything.
- Basic Linux navigation and terminal commands —
ls,cat,Ctrl+C.
This was my first hands-on experience with penetration testing. It's simple by design, and it lays the groundwork for everything that follows.