Published: 7 Jan
2026
5-min read
INTRODUCTION
Task 1: Introduction
No answer is required for this task.
Task 2: Telnet
Q. To which port will the telnet command with default parameters connect?
A. 23
Explanation
Telnet is a network protocol used to remotely connect to another computer over TCP/IP and execute commands. It operates on Port 23 (TCP) and follows a client–server model.
What Telnet Does
- Allows remote login to another machine
- Provides command-line access to remote systems
- Helps test open ports and services
Common Telnet Commands
- telnet <hostname>
- telnet <hostname> <port>
- open <hostname> <port>
- close
- quit
Task 3: Hypertext Transfer Protocol (HTTP)
Q. Launch the attached VM. From the AttackBox terminal, connect using Telnet to MACHINE_IP 80 and retrieve the file flag.thm. What does it contain?
A. THM{e3eb0a1df437f3f97a64aca5952c8ea0}
Explanation
HTTP (Hypertext Transfer Protocol) is the foundation of communication on the web. Browsers and servers use it to request and deliver webpages, images, videos, and APIs.
Ways to Access a Webpage
- Web Browser (Chrome, Firefox, etc.)
- Command-line tools such as curl or wget
- Programming languages like Python or JavaScript
- APIs returning JSON or XML data
- Raw TCP/Telnet (for educational purposes)
In this example We will connect to the website server using telnet command. telnet 10.48.174.71 80. After connecting run the below command.
GET /flag.thm HTTP/1.1
You will see the flag - THM{e3eb0a1df437f3f97a64aca5952c8ea0}
Task 4: File Transfer Protocol (FTP)
Q. Using an FTP client, connect to the VM and try to recover the flag file. What is the flag? (Username: frank, Password: D2xc9CgD)
A. THM{364db6ad0e3ddfe7bf0b1870fb06fbdf}
Steps
- Run ftp MACHINE_IP
- Enter the provided username and password
- Use ls to list files
- Use get filename to download the file
- Read the file contents to retrieve the flag
Flag: THM{364db6ad0e3ddfe7bf0b1870fb06fbdf}
Task 5: Simple Mail Transfer Protocol (SMTP)
Q. Using the AttackBox terminal, connect to the SMTP port of the target VM. What is the flag that you can get?
A. THM{5b31ddfc0c11d81eba776e983c35e9b5}
Process
Connect to the SMPT server using telnet using the below command
Run:
telnet MACHINE_IP 25.
You will see the output, where you will get the flag.
Trying 10.48.186.14...
Connected to 10.48.186.14.
Escape character is '^]'.
220 bento.localdomain ESMTP Postfix THM{5b31ddfc0c11d81eba776e983c35e9b5}
Task 6: Post Office Protocol 3 (POP3)
Q1. Connect to the VM (10.48.186.14) at the POP3 port. Authenticate using the
username frank
and
password D2xc9CgD. What is the response you get to STAT?
A1. +OK 0 0
Q2. How many email messages are available to download via POP3 on 10.48.186.14?
A2. 0
Process
Connect to the POP3 service using: telnet 10.48.186.14 110
Authenticate with: username frank and password D2xc9CgD
Run the command:STAT
output: +OK 0 0
In POP3, this means:
- 0 messages
- 0 total size (bytes)
Task 7: Internet Message Access Protocol (IMAP)
Q. What is the default port used by IMAP?
A. 143
Explanation
| Service | Default Port | Protocol | Encrypted Version | Encrypted Port |
|---|---|---|---|---|
| HTTP | 80 | TCP | HTTPS (HTTP over SSL/TLS) | 443 |
| FTP | 21 | TCP | FTPS (FTP over SSL/TLS) | 990 |
| Telnet | 23 | TCP | SSH (Secure Shell) | 22 |
| SMTP | 25 | TCP | SMTPS | 465 |
| POP3 | 110 | TCP | POP3S | 995 |
| IMAP | 143 | TCP | IMAPS | 993 |
| LDAP | 389 | TCP/UDP | LDAPS | 636 |
| RDP | 3389 | TCP | RDP over TLS | 3389 (with TLS) |
| DNS | 53 | TCP/UDP | DoT (DNS over TLS) | 853 |
| SMB | 445 | TCP | SMB over TLS | 445 (with encryption) |
Task 8: Summary
Click proceed to complete the room.