TYS 0x05 - open sesame

This post is part of the Test Your Skills series. You can find an introduction here. And an overview of all TYS’s currently available is over here.


The goal of this challenge is to get your hands on the secret code which itself is hidden behind a secret and a captcha protection! You are allowed use any means necessary - think outside the box!


Hacking a telnetd sensor node on the back of busybox telnetd

Telnetd sensor node what?!

I call it a sensor node (more on that in a later post), you might call it a telnetd stub. We are essentially talking about a telnet service which looks like a telnet service, is fingerprinted as a telnet service, replies like a telnet service, but is limited to bare minimal functionality and just meant as a sensor to gather information.

In this case, we are looking for the folks who are looking for us - or, who are looking for exposed services on the interwebs (or maybe your corp network?).