The Starting Point series covers Hack The Box’s free Tier 0–2 machines with explicit methodology, dead-end documentation, and an AI-assist log on every writeup. Use it as a calibration baseline for higher-difficulty writeups in this blog.
Every box in this series gets full coverage: every command, every failed approach, every lesson extracted — including exactly where Claude helped and where it didn’t.
Box info | OS: Ubuntu 20.04.2 LTS | Difficulty: Very Easy | Tier: 0 | Status: Starting Point Skills: TCP basics, Telnet protocol nuances, weak credentials, OS fingerprinting Pwned: 2026-04-26 TL;DR Meow is HTB’s first Starting Point box and it has exactly one open port — 23/tcp Telnet. The root account is configured with no password, so authentication boils down to typing root at the login prompt and reading the flag from /root/flag.txt. The interesting lesson is not the exploit. It is why a raw Python socket and nc both fail to talk to a Telnet server, while telnetlib works the first time: Telnet is not raw TCP, it requires RFC-854 option negotiation before the server will hand over a prompt. That distinction shows up again on real engagements with proxy-aware services and cleanup-aware shells, so it is worth internalising on the easiest box on the platform. ...