# Submit Flag

## <mark style="color:purple;">Submit Flag</mark>

*Submit root flag*

***

### <mark style="color:purple;">How to</mark>

#### <mark style="color:purple;">Port Scanning</mark>

First, we're going to scan the ports:

```bash
sudo nmap -T5 -sCV <target_ip>
```

> -T5 is the aggressiveness level. 5 is the highest and 0 is the softest.
>
> -sCV refers to Nmap scripts. 'C' stands for the most commonly used scripts, while 'V' are the scripts that provide service information for each port.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfS8Fmq9gRPa9cCUkto0iTCbjXF4b6AAMhR0_V-OpSy8cD-K-apm8kBH9nZt0uAlo21D9WMGg1pAeJKsyH1Edr2xR8r3q7At0g9Cw0A1bLPaN5SQjTFEf6WtwxoqLbATPOhmP2pCg?key=MSHaADTcf-bFwciR6COk6Pix" alt=""><figcaption><p>sudo nmap -T5 -sCV &#x3C;target_ip></p></figcaption></figure>

Port 23 is the only one that seems open and is running Telnet. Let's try connecting to it.

***

#### <mark style="color:purple;">Connecting via Telnet</mark>

To connect via Telnet, we'll use the root user without a password.

```bash
telnet <target_ip>
```

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXecGMhISkyaqtl1UIMB1h7hQjOa-cY6eBvOB5x1ul97AJ9W6PMVcWM3vA7PfQnIwAuhyheWERGgcS2EQigz7ZuT8YNqmMw3Otl-SA8g6X4i6jijVh3Rc3dmXdYPWr5LSWerpmZvbA?key=MSHaADTcf-bFwciR6COk6Pix" alt=""><figcaption><p>telnet &#x3C;target_ip></p></figcaption></figure>

***

#### <mark style="color:purple;">Obtaining the Root Flag</mark>

Now, let's find the root flag and display it.

```bash
ls -la
cat flag.txt
```

<figure><img src="https://657071395-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F6TULCIQYFngHxc4snxrs%2Fuploads%2FKDpuLaQ6OD6g1ujDZRsx%2Fimage.png?alt=media&#x26;token=672efea9-1a72-47d4-9305-f115948d0c6b" alt=""><figcaption><p>Obtaining the Root Flag</p></figcaption></figure>