HackerDNA — Nmap Lab 102 Write-Up | Telnet Misconfiguration & Weak Credentials

URL: https://hackerdna.com/labs/learn-102

Madaminovrahmatilloh

~2 min read · February 10, 2026 (Updated: February 10, 2026) · Free: Yes

What is this about :

This challange, basicly, tests your ability to do basic network scanning and exploitation on a target machine. Moreover, it is in easy-tier which gives 10 points when 2 flags : "root and user" were found.

How to find the 1st "flag-user":

1st we will do nmap scan :

nmap -v -Pn -sV -T4 $ip

$ip is a variable which changes whenever the challange is re-started and we can validate "$ip" value to the IP with :

$ip=IP   ##you can put the "ip" given by the HackerDNA instead of IP

after the nmap scan:

PORT   STATE SERVICE VERSION
23/tcp open  telnet  BusyBox telnetd
80/tcp open  http    Apache httpd 2.4.62 ((Unix))

as it seems, there is 2 ports open, and when we try HTTP port it say "There is nothing to see here", and it is true. Therefor, we have only 1 choice "telnet" and to access via telnet, we should type like:

telnet $ip

so after that, it usually asks about the name and password, but when we type the user in the username, it connects to the user account automatically.

ip$ip.eu-west-1.compute.internal login: user
Welcome to Alpine!

The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
See <https://wiki.alpinelinux.org/>.

You can setup the system with the command: setup-alpine

You may change this message by editing /etc/motd.

ip$ip:~$

so after connecting, we can see the " flag-user.txt" with just "ls" command. After the "ls" command, BANG!!, we will find the user flag !

How to find the 2nd flag "flag-root":

After accessing as a user in the telnet port in the ip, to find the 2nd flag, we need to become root. So, first thing that consider is typical password for the root access as it is in free-tier. We need to try "root" or "admin" password to access the root shell.

ip$ip:/$ su root
Password:

So to access the root shell, we will use the "su root" command and for the password we will use "root" so after that the root shell is achieved, only finding the 2nd flag is left and we will find the " flag-root.txt " by:

find / -type f -name "flag-root.txt" 2>/dev/null

so, finally, we will find the 2nd flag.

#cybersecurity #pentesting #labs