Intermediate Nmap
The room aims to assess the user’s knowledge of SNMP and nc tools. Since RustScan supports parallel scanning, it offers significantly faster performance. I’ll leverage this capability to expedite the solution.
Step-by-Step
Scanning and Enumeration
I begin by running RustScan against the target to discover available services and open ports. The scan identifies three open ports: 22, 2222, and 31337. Intrigued by these findings, I decide to probe each service using telnet.
Vulnerability Scanning
After I telnet to port 31337, the server responds with user credentials (user:pass). I’m going to leverage this information to establish an SSH connection.
Gaining Access
I successfully log into the server and begin exploring directories to find the answer. Eventually, I discover flag.txt in /home/user, so I cat the file to retrieve the flag.
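From the defender's side, the finding on port 31337 is a service that volunteers credentials to anyone who connects. The following is an added example, not part of the original walkthrough: a small audit for hosts you administer that flags any port whose unsolicited banner looks like credentials. The regex heuristic, the function names, and the loopback stand-in service with made-up credentials are all assumptions for illustration.

```python
import re
import socket
import socketserver
import threading

# Heuristic (an assumption): a banner that names a user/password field followed by ':' or '='.
CRED_RE = re.compile(r"\b(?:user(?:name)?|login|pass(?:word)?)\b\s*[:=]", re.I)


def read_banner(host, port, timeout=2.0, limit=1024):
    """Connect, send nothing, and return whatever the service volunteers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(limit).decode("utf-8", "replace")
            except socket.timeout:
                return ""  # service waits for the client to speak first
    except OSError:
        return None  # closed, filtered, or unreachable


def audit(host, ports):
    """Return {port: banner} for ports whose unsolicited banner looks like credentials."""
    findings = {}
    for port in ports:
        banner = read_banner(host, port)
        if banner and CRED_RE.search(banner):
            findings[port] = banner.strip()
    return findings


class _LeakyHandler(socketserver.BaseRequestHandler):
    # Constructed stand-in for the room's port-31337 service; the credentials are made up.
    def handle(self):
        self.request.sendall(b"In case I forget - user:pass\nexampleuser:examplepass\n")


def demo():
    """Start the constructed leaky service on loopback and audit it."""
    with socketserver.TCPServer(("127.0.0.1", 0), _LeakyHandler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        port = srv.server_address[1]
        try:
            return port, audit("127.0.0.1", [port])
        finally:
            srv.shutdown()


if __name__ == "__main__":
    print(demo())
```

A normal SSH identification string does not match the heuristic, so ports 22 and 2222 would not be flagged by this check; only the banner that spells out a credential pair is.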