# Funnel ## Initial Scan ```nmap sudo nmap -T4 -Pn -sV -sC -v 10.129.246.65 -oA Funnel ```

## Task 1 How many TCP ports are open? Answer: 2 ## Task 2 What is the name of the directory that is available on the FTP server?

Answer: mail\_backup ## Task 3 What is the default account password that every new member on the "Funnel" team should change as soon as possible? - Look in the .pdf file from the FTP server.

Answer: funnel123#!# ## Task 4 Which user has not changed their default password yet?

Answer: christine ## Task 5 Which service is running on TCP port 5432 and listens only on localhost?

Answer: postgresql ## Task 6 Since you can't access the previously mentioned service from the local machine, you will have to create a tunnel and connect to it from your machine. What is the correct type of tunneling to use? remote port forwarding or local port forwarding? Answer: local port tunneling ## Task 7 What is the name of the database that holds the flag?

Answer: Secrets ## Task 8 Could you use a dynamic tunnel instead of local port forwarding? Yes or No. Answer: Yes ## Task 9 Submit Root Flag

Answer: cf277664b1771217d7006acdea006db1 --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://cybersec.th4ntis.com/hackthebox/starting-point/tier-1/funnel.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.