The new term begins , New learning has also begun , I'm going to be closed in winter vacation , But I can't bear to play .2021 Summarize and find time to sort it out before writing . The actual combat is a little difficult , The master of code audit suggests not to do it first , Then brush HTB Pretty good also , Many praise . See beginner's Guide to connect to HTB After the target plane , It opens the first , It seems that if you don't do it in front, you can only open the first . After connecting, I didn't look at the target plane ,9 A task is actually a question and answer , Translate questions one by one , The answer is as follows : 1
2
3
4
5
6
7
8
Before this 8 Each task is a simple question and answer , But it's also a hint of the target . First of all, we nmap Drone aircraft Found a 23/tcp port ,telnet Direct connection You can see it here ,telnet Can be connected to , In general , Need an account and password , But this target tries more weak passwords , such as admin、administrator、root And so on. , And pray that the password is empty , But the first two need a password . When I input root Went straight in . The rest is Linux Simple command . hold flag Submit to page 9 There's a mission , You've finished the first HTB Drone aircraft ,very easy The difficulty is to be familiar with htb Operation of the . And there will be a cheering effect and sound effect after completing the target plane ! Hack the Box is a platform to improve cybersecurity skills to the next level through the most captivating, gamified, hands-on training experience. I will cover solution steps of the “Meow” machine, which is part of the ‘Starting Point’ labs and has a difficulty rating of ‘Very Easy’. Login to Hack the Box portal and navigate to Starting Point’s page, where you will be prompted to choose between a PWNBOX or an OVPN (i.e. OpenVPN) connection. A PWNBOX is a pre-configured, browser-based virtual machine and requires a HackTheBox VIP+ membership for unlimited access. I have used the OVPN method and Kali Linux through VirtualBox for this challenge. Download the VPN (.ovpn) configuration file and open a terminal window and run below mentioned command – sudo openvpn [filename].ovpn Note: [filename] should be replaced with the name of your downloaded .ovpn file for the Starting Point lab. You will see the Initialization Sequence Completed line at the end, which confirms we have now connected to the Meow machine Refresh the page in browser to see the new connection and then we can activate the machine by clicking the ‘Spawn Machine’ button The machine is now active and showing a target IP address Now solve all the available tasks by providing correct inputs and few tasks are actually hint to solve this machine. Task 1: What does the acronym VM stand for? Virtual Machine [Virtual Machine (VM) is a virtual environment which functions as a virtual computer system with its own CPU, memory, network interface & storage, created on a physical hardware system. Hypervisor separates all the resources of machine from the hardware and provisions them properly so they can be used by the VM. Virtualization technology allows user to share a system with virtual environments.] Task 2: What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN connection? It’s also known as a console or shell. Terminal [Terminal is a text-based interface used to control a Linux computer by executing specific command with proper input.] Task 3: What service do we use to form our VPN connection into HTB labs? openvpn [OpenVPN is an open-source VPN protocol that makes use of virtual private network (VPN) techniques to establish safe site-to-site or point-to-point connections.] Task 4: What is the abbreviated name for a ‘tunnel interface’ in the output of your VPN boot-up sequence output? tun [TUN/TAP devices are virtual interfaces used by VPN clients to establish virtual instances of physical networking connections. However both works at different layers to pass data from one host to another. TUN (network TUNnel) simulates a network layer device and operates in layer 3 carrying IP packets and TAP (network TAP) simulates a link layer device and operates in layer 2 carrying Ethernet frames. TUN is used with routing and TAP can be used to create a user space network bridge.] Task 5: What tool do we use to test our connection to the target with an ICMP echo request? Ping [Ping (Packet Internet Groper) is invoked using command as “ping”, which uses ICMP (Internet Control Message Protocol) to reports errors and provides information related to IP packet processing. Ping works by sending an ICMP echo request message to the provided IP address. If the computer with the destination IP address is reachable, it responds with an ICMP echo reply message. A ping command additionally provides information about a network performance, a round-trip time, a time to send an ICMP request packet and receive an ICMP reply packet.] Task 6: What is the name of the most common tool for finding open ports on a target? Nmap [Nmap (Network Mapper) is a free and open-source tool for network discovery and security auditing. It is used to discover hosts and services on a computer network by sending packets and analyzing the responses.] Task 7: What service do we identify on port 23/tcp during our scans? Telnet [TELNET (TErminaL NETwork) is a type of protocol that enables one computer to connect to local computer. It follows TCP/IP networking protocol for creating remote sessions. Telnet is not a secure protocol and is unencrypted.]
root [If root does not work, try admin or administrator as well]
To solve this task, we need root flag. Perform a scan on the target IP using nmap tool. It can be noticed, 23/tcp port is open and service is telnet. Now, type the command telnet [Target_IP] in terminal to connect the server. It will ask for the Meow Login and we can use “root” as username which is covered in previous task We are able to connect using default username and without providing any password. Now use basic command “ls” to get all the folders/files available in that server We can see the flag.txt file and to view the content of this file use cat command, which stands for concatenate. Copy the flag value and submit in the browser You will receive message as “Meow has been Pwned” and Challenge solved successfully.
|