<p><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_lBtBH1YGYIKJUtXkP-YpxdTpvIrv3hJGGXYYDXUVFfQhLcSj3oJaiyF3xFtI5aV9UQIOF0TxREo42KVVm8FtJpVuN7hkbspRlaxUO8p8GoYdWx3rcEIlzkD1LykfY_x9bJWeGyGlJWnoMJTqPM3kX0Eu5jxc3R2nFrR20V7ajm2mAle51rk0Bsfzdw_R/w640-h336-rw/Headless-HTB-Writeup.png" alt="Headless HTB Writeup" /></p>
<h2 id="heading-introduction">Introduction</h2>
<p>In this Post, Let’s See how to CTF Headless from hackthebox and if you have any doubts, comment down below 👇🏾</p>
<p><a target="_blank" href="https://www.hackerhq.tech/2024/03/headless-htb.html"><strong>Read Full Writeup - Click Here</strong></a></p>
<h3 id="heading-hacking-phases-in-headless">Hacking Phases in Headless</h3>
<p>Getting into the system initially.Checking open TCP ports using Nmap.Retrieving information from Telnet banners.Looking for vulnerabilities to exploit.Enumerating information through SNMP.Gaining access to a user shell.Obtaining the user flag.Escalating privileges.Using Metasploit for port forwarding.Identifying ways to escalate privileges.Exploiting vulnerabilities like file read to gain access.Obtaining the root flag.</p>
<h2 id="heading-lets-begin">Let’s Begin</h2>
<p>Let’s Hack Headless HTB 😌</p>
<h3 id="heading-scanning">Scanning</h3>
<p>Perform a RustScan to identify open ports.</p>
<pre><code class="lang-plaintext">rustscan 10.10.11.107 -- -A -Pn -T4 -sC -sV
</code></pre>
<p><img src="https://techyrick.com/wp-content/uploads/2024/02/Feb-25-Screenshot-from-Squoosh-16-1024x367.webp" alt /></p>
<p><img src="https://techyrick.com/wp-content/uploads/2024/02/Feb-25-Screenshot-from-Squo-1024x508.webp" alt /></p>
<p>Only port 23 is accessible. Update your /etc/hosts file to include “Headless.htb”. While searching for it, I came across this article</p>
<h3 id="heading-connecting-using-telnet">Connecting Using Telnet</h3>
<p>Let’s attempt to establish a connection using Telnet.</p>
<pre><code class="lang-plaintext">telnet Headless.htb
</code></pre>


![Headless HTB Writeup](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_lBtBH1YGYIKJUtXkP-YpxdTpvIrv3hJGGXYYDXUVFfQhLcSj3oJaiyF3xFtI5aV9UQIOF0TxREo42KVVm8FtJpVuN7hkbspRlaxUO8p8GoYdWx3rcEIlzkD1LykfY_x9bJWeGyGlJWnoMJTqPM3kX0Eu5jxc3R2nFrR20V7ajm2mAle51rk0Bsfzdw_R/w640-h336-rw/Headless-HTB-Writeup.png align="left")

## Introduction

In this Post, Let’s See how to CTF Headless from hackthebox and if you have any doubts, comment down below 👇🏾

[**Read Full Writeup - Click Here**](https://www.hackerhq.tech/2024/03/headless-htb.html)

### Hacking Phases in Headless

Getting into the system initially.Checking open TCP ports using Nmap.Retrieving information from Telnet banners.Looking for vulnerabilities to exploit.Enumerating information through SNMP.Gaining access to a user shell.Obtaining the user flag.Escalating privileges.Using Metasploit for port forwarding.Identifying ways to escalate privileges.Exploiting vulnerabilities like file read to gain access.Obtaining the root flag.

## Let’s Begin

Let’s Hack Headless HTB 😌

### Scanning

Perform a RustScan to identify open ports.

```plaintext
rustscan 10.10.11.107 -- -A -Pn -T4 -sC -sV
```

![](https://techyrick.com/wp-content/uploads/2024/02/Feb-25-Screenshot-from-Squoosh-16-1024x367.webp align="left")

![](https://techyrick.com/wp-content/uploads/2024/02/Feb-25-Screenshot-from-Squo-1024x508.webp align="left")

Only port 23 is accessible. Update your /etc/hosts file to include “Headless.htb”. While searching for it, I came across this article

### Connecting Using Telnet

Let’s attempt to establish a connection using Telnet.

```plaintext
telnet Headless.htb
```

Headless HTB Writeup or  Headless HTB walkthrough

Headless HTB Writeup | HacktheBox

Introduction

HackerHQ

HackerHQ

Headless HTB Writeup | HacktheBox

Table of contents

Introduction

Hacking Phases in Headless

Let’s Begin

Scanning

Connecting Using Telnet