Hack the Box — Meow (Telnet) Solution

Kamal S
5 min read · Sep 11, 2022

Hack the Box is a platform for taking cybersecurity skills to the next level through the most captivating, gamified, hands-on training experience.

I will cover the solution steps for the “Meow” machine, which is part of the ‘Starting Point’ labs and has a difficulty rating of ‘Very Easy’.

Log in to the Hack the Box portal and navigate to the Starting Point page, where you will be prompted to choose between a PWNBOX or an OVPN (i.e. OpenVPN) connection. A PWNBOX is a pre-configured, browser-based virtual machine and requires a HackTheBox VIP+ membership for unlimited access.

I have used the OVPN method and Kali Linux through VirtualBox for this challenge. Download the VPN (.ovpn) configuration file, open a terminal window, and run the command below:

sudo openvpn [filename].ovpn

Note: [filename] should be replaced with the name of your downloaded .ovpn file for the Starting Point lab.

You will see the Initialization Sequence Completed line at the end, which confirms we are now connected to the Meow machine.

Refresh the page in the browser to see the new connection; we can then activate the machine by clicking the ‘Spawn Machine’ button.

The machine is now active and shows a target IP address.

Now solve all the available tasks by providing the correct answers; a few of the tasks are actually hints for solving this machine.

Task 1: What does the acronym VM stand for?

Virtual Machine

[A Virtual Machine (VM) is a virtual environment that functions as a virtual computer system with its own CPU, memory, network interface and storage, created on a physical hardware system. The hypervisor separates the machine’s resources from the hardware and provisions them properly so they can be used by the VM. Virtualization technology allows a user to share a system with virtual environments.]

Task 2: What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN connection? It’s also known as a console or shell.

Terminal

[The terminal is a text-based interface used to control a Linux computer by executing specific commands with the proper input.]

Task 3: What service do we use to form our VPN connection into HTB labs?

openvpn

[OpenVPN is an open-source VPN protocol that makes use of virtual private network (VPN) techniques to establish safe site-to-site or point-to-point connections.]

Task 4: What is the abbreviated name for a ‘tunnel interface’ in the output of your VPN boot-up sequence output?

tun

[TUN/TAP devices are virtual interfaces used by VPN clients to establish virtual instances of physical networking connections. However, the two work at different layers to pass data from one host to another. TUN (network TUNnel) simulates a network layer device and operates at layer 3, carrying IP packets; TAP (network TAP) simulates a link layer device and operates at layer 2, carrying Ethernet frames. TUN is used with routing, and TAP can be used to create a user space network bridge.]

Task 5: What tool do we use to test our connection to the target with an ICMP echo request?

Ping

[Ping (Packet Internet Groper) is invoked with the command “ping”. It uses ICMP (Internet Control Message Protocol), which reports errors and provides information related to IP packet processing. Ping works by sending an ICMP echo request message to the provided IP address. If the computer with the destination IP address is reachable, it responds with an ICMP echo reply message. The ping command additionally provides information about network performance: the round-trip time, that is, the time to send an ICMP request packet and receive an ICMP reply packet.]

Task 6: What is the name of the most common tool for finding open ports on a target?

Nmap

[Nmap (Network Mapper) is a free and open-source tool for network discovery and security auditing. It is used to discover hosts and services on a computer network by sending packets and analyzing the responses.]

Task 7: What service do we identify on port 23/tcp during our scans?

Telnet

[TELNET (TErminaL NETwork) is a type of protocol that enables one computer to connect to a local computer. It follows the TCP/IP networking protocol for creating remote sessions. Telnet is not a secure protocol and is unencrypted.]

Task 8: What username is able to log into the target over telnet with a blank password?

root

[If root does not work, try admin or administrator as well]

Task 9: Submit root flag

To solve this task, we need the root flag. Perform a scan on the target IP using the nmap tool.

The scan shows that port 23/tcp is open and the service is telnet.

Now type the command telnet [Target_IP] in the terminal to connect to the server.

It will ask for the Meow login, and we can use “root” as the username, as covered in the previous task.

We are able to connect using the default username without providing any password. Now use the basic command “ls” to list the folders/files available on the server.

We can see the flag.txt file; to view its contents, use the cat command, which stands for concatenate.

Copy the flag value and submit it in the browser.

You will receive the message “Meow has been Pwned”, and the challenge is solved.

Conclusion: Running an nmap scan on [target_ip] shows port 23/tcp in an open state, running the telnet service. Connect to the target server with “telnet [target_ip]” and provide “root” as the username. After login, use the “ls” command to list the available directories/files. The “flag.txt” file is there; view its contents with “cat flag.txt” to solve this machine.
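
The machine falls to two conditions together: a Telnet listener on 23/tcp and a root account with an empty password. As an added example (not part of the original walkthrough), the shell script below audits your own host for both. The function names and sample data are constructed for illustration, and the assumed inputs are /etc/shadow-format lines and the output of `ss -Htln`.

```shell
#!/bin/sh
# Added example: audit a host for the two conditions that solve Meow.
# All sample data is constructed; the hash below is a placeholder.

# stdin: /etc/shadow-format lines. Prints accounts with an EMPTY password
# field (login with no password). "*" or "!" mean locked, not empty.
empty_password_accounts() {
    awk -F: 'NF >= 2 && $2 == "" { print $1 }'
}

# stdin: output of `ss -Htln` (State Recv-Q Send-Q Local:Port Peer:Port).
# Prints "yes" when any listening socket is bound to port 23, else "no".
telnet_listening() {
    awk '{ n = split($4, part, ":"); if (part[n] == "23") found = 1 }
         END { print (found ? "yes" : "no") }'
}

# $1 = shadow contents, $2 = `ss -Htln` output. Prints findings or PASS.
audit() {
    accounts=$(printf '%s\n' "$1" | empty_password_accounts | paste -sd, -)
    listening=$(printf '%s\n' "$2" | telnet_listening)
    if [ -n "$accounts" ]; then
        echo "FAIL empty-password accounts: $accounts"
    fi
    if [ "$listening" = yes ]; then
        echo "FAIL telnet listening on 23/tcp"
    fi
    if [ -z "$accounts" ] && [ "$listening" = no ]; then
        echo "PASS"
    fi
}

SAMPLE_SHADOW='root::19240:0:99999:7:::
daemon:*:19240:0:99999:7:::
alice:$6$constructed$placeholder-not-a-real-hash:19240:0:99999:7:::'

SAMPLE_SS='LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

audit "$SAMPLE_SHADOW" "$SAMPLE_SS"
# On a real host, as root:  audit "$(cat /etc/shadow)" "$(ss -Htln)"
```

A finding is fixed by setting or locking the account password and by disabling the Telnet service in favour of SSH.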


Kamal S

Security Analyst || VAPT || eWPTX by INE Security & EC Council Web Application Hacking and Security Certified