Welcome to TryHackMe Network Services Walkthrough Part 2, oh yeah! Let’s learn, then enumerate and exploit a variety of network services and misconfigurations. Second up is Telnet. Watch this Network Services Walkthrough for TryHackMe’s room, Part 2: Telnet.
Task 5 Understanding Telnet
Questions:
- What is Telnet? application protocol
- What has slowly replaced Telnet? ssh
- How would you connect to a Telnet server with the IP 10.10.10.3 on port 23? telnet 10.10.10.3 23
- The lack of what, means that all Telnet communication is in plaintext? encryption
Task 6 Enumerating Telnet
Questions:
- How many ports are open on the target machine? 1
- What port is this? 8012
- This port is unassigned, but still lists the protocol it’s using, what protocol is this? tcp
- Now re-run the nmap scan, without the -p- tag, how many ports show up as open? 0
- Based on the title returned to us, what do we think this port could be used for? a backdoor
- Who could it belong to? Gathering possible usernames is an important step in enumeration. Skidy
Task 7 Exploiting Telnet
Questions:
- Great! It’s an open telnet connection! What welcome message do we receive? SKIDY’S BACKDOOR.
- Let’s try executing some commands, do we get a return on any input we enter into the telnet session? (Y/N) N
- Now, use the command “ping [local THM ip] -c 1” through the telnet session to see if we’re able to execute system commands. Do we receive any pings? Note, you need to preface this with .RUN (Y/N) Y
- What word does the generated payload start with? mkfifo
- What would the command look like for the listening port we selected in our payload? nc -lvp 4444
- Success! What are the contents of flag.txt? THM{y0u_**********}