> For the complete documentation index, see [llms.txt](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/hack-the-box/labs/offense/tier-0-pen-testing/basic-penetration-testing-using-telnet-meow.md).

# Basic Penetration Testing using Telnet (Meow)

Here I am pinging my target (10.129.166.206) to see if I am on the same network segment or that it is on:<br>

<figure><img src="/files/GxlUdiJybspiy1cyacaB" alt=""><figcaption></figcaption></figure>

Next I'm running NMAP (network mapper) to scan which ports are open and what service they are running on the target machine:

<figure><img src="/files/OszWrWBfBd3L0cYDsq5Z" alt=""><figcaption></figcaption></figure>

The only port out of a 1000 ports open is port 23, which is running the "Telnet" service.

Here I try to connect to the target with telnet:

<figure><img src="/files/aeCFxXi04BQjWa9ad6nR" alt=""><figcaption></figcaption></figure>

I attempted to login with different user account names with blank password

<figure><img src="/files/6KsbAe1smWcPbvpSMOkK" alt=""><figcaption></figcaption></figure>

Looks like root was correct:

<figure><img src="/files/NB6MjIoB80bX7yEbpT9f" alt=""><figcaption></figcaption></figure>

I used "ls /" command to list directories and then "cd /root" to change directories to the root directory. Then I ran the list or ls command again to reveal the flag.txt file which I then concatenated with the "cat" command which output the file's contents revealing the "flag" to me.

<figure><img src="/files/us05w1z1t3xrhw8ePkAb" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/PpxSeGn1u0Shh9nW2eQn" alt=""><figcaption></figcaption></figure>
