Write-up 6 July 2026 #Ctf Writeup #Cybersecurity #Iot Security #Pwned #hack the box
HTB Explosion Walkthrough

Task 1: What does the 3-letter acronym RDP stand for? Answer: Remote Desktop Protocol
Task 2: What is a 3-letter acronym that refers to interaction with the host through a command line interface? Answer: CLI
Task 3: What about graphical user interface interactions? Answer: GUI
Task 4: What is the name of an old remote access tool that came without encryption by default and listens on TCP port 23? If we look up default ports, we will see that port 23 is reserved for this. Answer: Telnet
Task 5: What is the name of the service running on port 3389 TCP? Now that we have the basic questions answered, lets run our usual nmap scan:
sudo nmap -sSCV 10.129.1.13 -p- --min-rate=1000
Once the results are returned, we see the following:
Answer: ms-wbt-server
Task 6: What is the switch used to specify the target host’s IP address when using xfreerdp? Let’s check the help page of xfreerdp: xfreerdp3 --help Answer: /v:
Task 7: What username successfully returns a desktop projection to us with a blank password?
When we try RDP-ing with just the IP, we see that there is a certificate name mismatch, so let’s ignore that.
We also need to specify a user, so we can try a bunch of default or regular usernames found. For this case, let’s start with Administrator. Press enter or click to view image in full size

And we are logged in!
Answer: Administrator
Task 8: Submit root flag We can see that the flag is on the desktop, so let’s get the answer from that. Answer: 951f******08a0