Network challenges

Solution of Touch2

There's a service somewhere on the server in the portrange 18000-20000. Find it and log in to get the flag!

To find the services we need to start with port scanning. The proper command is nmap -sT -p18000-20000, because we are doing a tcp scan in the portrange of 18000-20000. After nmap has finished scanning we found the service on port 19101.

As the port of the service has been found it is time to identify the protocol. Without knowing the protocol we cannot communicate with the service. In the challenge description there is no hint or information about the service type. We can try the known services first. The easiest way to connect to a service is telnet. It looks like it was successful, because using the telnet 19101 command we are asked to login. There is hint listed, it is Aladdin - eSafe Appliance.

The first step before attacking a service is usually to do information gathering. Now we now that this is an Aladdin service, so let us check some basic information. On we can search for default logins and passwords. Aladdin is a security appliance which has a default login name and password. The username is root, the password is kn1TG7psLu.

Using this creditials we can easily log in, and we can get the flag.