Meow | HackTheBox Easy

---

HackTheBox / Meow - STARTING-POINT

---

Setting-up VPN

step-1: Download the starting-point vpn file step-2: Open terminal and navigated to the downloaded directory (cd ~/Downloads) step-3: sudo openvpn {filename.ovpn}

note: run this vpn file in diffrent windows for better experience and run this script untill you see initial sequence completed

step-4 open terminal in another window and you can check the connectivity by pinging the ip address

Tasks

Task 1: What does the acronym VM stands for?

virtual machine

Task 2: What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN connection? It’s also known as a console or shell.

terminal

Task 3: What service do we use to form our VPN connection into HTB labs?

openvpn

Task 4: What is the abbreviated name for a ‘tunnel interface’ in the output of your VPN boot-up sequence output?

tun

Task 5: What tool do we use to test our connection to the target with an ICMP echo request?

ping

Task 6: What is the name of the most common tool for finding open ports on a target?

nmap

Enumeration

sudo nmap -sV -sC {target-ip}

-sV —> service version detection -sC —> software version detection

Nmap scan results:

Starting Nmap 7.93 ( https://nmap.org ) at 2022-12-08 01:02 EST
Nmap scan report for 10.129.96.82
Host is up (0.22s latency).
Not shown: 999 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
23/tcp open  telnet  Linux telnetd
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 24.63 seconds

Hmm, We can see that only 1 port is open that is telnet on 23 Let’s exploit using telnet!! if you are not sure what telnet is click here to do a quick google sesarch

Task 7: What service do we identify on port 23/tcp during our scans?

telnet

exploit telnet

telnet {target-ip}

We will need to find some credentials that work to continue since there are no other ports open on the target that we could explore :)

Some typical important accounts have self-explanatory names, such as:

• admin
• administrator
• root

Let’s try it out one by one (press enter for password as we are looking for blank password)

Task 8: What username is able to log into the target over telnet with a blank password?

root

We got the flag!!!

you can see that you are now root user of Meow machine root@Meow

type ls command to view the files inside the present directory type cat flag.txt to display the flag

SUBMIT ROOT FLAG

b40abdfe23665f766f9c61ecba8a4c19