← Back
Meuw | Avishai’s CTF Writeups

Avishai's CTF Writeups

Yalla Balagan! A collection of my CTF writeups and solutions.

View on GitHub

TL;DR

We find open 23 port for telnet, and login with root user without password.

Recon

First, we connect to our openvpn using the command, when we use the ovpn file we downloaded for this purpose:

sudo openvpn Downloads/starting_point_agonen.ovpn

Then, we scan the ip using nmap, we’ll run this command:

nmap -sCV -p- --min-rate=10000 10.129.63.138

scan results

as we can see, there is an open telnet port:

23/tcp open  telnet  Linux telnetd
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Login with user root to telnet

we try to connect via telnet:

telnet 10.129.63.138

And it asks for username and password, we try to give several common creds:

Administartor
Admin
root

and luckily, the root user worked without requiring password! root works

Now, all left is to read flag.txt

read flag

Flag:b40abdfe23665f766f9c61ecba8a4c19