Opening
Target: Single service, Telnet only.
sudo nmap -sC -sV -oN nmap/initial 10.129.15.197
23/tcp open telnet Linux telnetd
Telnet on a Linux host in 2021 is immediately suspicious. No encryption, no modern auth hardening — worth attempting common usernames with no password before anything else.
Development
Connected directly:
telnet 10.129.15.197
Attempted root at the login prompt. No password was requested. Shell returned immediately.
ls
flag.txt snap
cat flag.txt
Endgame
No lateral movement or privilege escalation needed — initial access landed directly in a root shell.
Post-Game Analysis
Telnet transmits all data in plaintext including credentials, making it unsuitable for any production use. Combined with a root account carrying no password, this represents two independent critical misconfigurations stacked on the same service.
SSH exists specifically to replace Telnet. There is no valid operational reason for Telnet to be exposed on a modern Linux host.
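
Both misconfigurations named above can be checked on a host you administer. The script below is an added example, not part of the original write-up; the function names are hypothetical, the sample data is constructed, and it assumes the passwordless account shows up as an empty hash field in /etc/shadow.

```shell
#!/bin/sh
# Added audit sketch. Assumption: "no password" means an empty hash field in /etc/shadow.

# Read shadow-format lines on stdin; print accounts whose 2nd field is empty.
# "!" or "*" mark a locked account and are not reported.
empty_password_accounts() {
    awk -F: '$1 !~ /^#/ && NF >= 2 && $2 == "" { print $1 }'
}

# Read `ss -tln` output on stdin; print local addresses listening on TCP/23.
telnet_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:23$/ { print $4 }'
}

# audit SHADOW_FILE SS_OUTPUT_FILE: report both findings, return 1 if any.
audit() {
    rc=0
    for u in $(empty_password_accounts < "$1"); do
        echo "FAIL account with empty password: $u"; rc=1
    done
    for l in $(telnet_listeners < "$2"); do
        echo "FAIL telnet listener: $l"; rc=1
    done
    [ "$rc" -eq 0 ] && echo "OK no empty passwords, no telnet listener"
    return "$rc"
}

# Constructed sample input (not captured from the target).
SAMPLE_SHADOW='root::18900:0:99999:7:::
daemon:*:18900:0:99999:7:::
svc:!:18900:0:99999:7:::
alice:$6$constructedsalt$constructedhash:18900:0:99999:7:::'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:23        0.0.0.0:*
LISTEN 0      128          0.0.0.0:2323      0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*'

tmp=$(mktemp -d)
printf '%s\n' "$SAMPLE_SHADOW" > "$tmp/shadow"
printf '%s\n' "$SAMPLE_SS" > "$tmp/ss"
audit "$tmp/shadow" "$tmp/ss" || true
rm -rf "$tmp"
```

On a live system, feed the functions real input instead of the samples: the contents of /etc/shadow (read as root) into empty_password_accounts, and the output of ss -tln into telnet_listeners.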