sudo nmap -T5 -sCV <target_ip>
-T5 is the aggressiveness level. 5 is the highest and 0 is the softest.
-sCV refers to Nmap scripts. 'C' stands for the most commonly used scripts, while 'V' are the scripts that provide service information for each port.
Port 23 is the only one that seems open and is running Telnet. Let's try connecting to it.
To connect via Telnet, we'll use the root user without a password.
Now, let's find the root flag and display it.
