Hack The Box — Meow

HTB Tags: #Linux #Network #AccountMisconfiguration.

This was the very first box in the Starting Point, sixteen target series. So lets make a start and as with any challenge, we start with enumeration.

Having already set up the VPN for Starting Point and ensured that the target was up and running with the provided IP address, let’s see if we can see it and engage.

ping

So what is ping? It is simply a command line method of querying another computer on a network to determine if there is a connection to it. It will provide a binary return in the sence that each ping will either work or it won’t. In order to engage with a machine we should be able to provide a constant string of pings with a successful return result.

ping $IP -c 4

Now that we have successfully pinged this target four times successfully, we can be sure that the link is stable enough to continue. For reference we used the -c or count switch that will stop after <count> replies. Let’s continue and check for open ports on the target.

nmap

So what is nmap? Straight from the horses mouth (or rather their website:

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing.

This will allow us find and check the network connectivity for our target and how we can interact with it.

nmap $IP

Using nmap on the default setting, we have found port 23 (telnet) open, so we can use it to access the target. Futher details can be found here: https://www.speedguide.net/port.php?port=23

telnet

It is a network protocol that allows communication between a user on one computer to log into another computer that is part of the same network infrastructure. So let’s see what it provides us with.

telnet $IP

service access

As the first target, we were really just looking to enumerate the box and once we had found the port number and therefore the method to gain access to it, the supplied default logins, such as admin, administrator or root should be tested. Looks like we get in with root.

exploit and find the flag

With access as root, we can look for the flag. Normally each box has two flags. These are found in user.txt and root.txt. These are then entered into the HTB console to capture the flag.

summary

This was a nice machine that introduces two important elements within enumeration. Firstly, communicating with a system by ensuring it is availble (ping) and secondly, ensuring that you understand the available ports, what they can and indeed what tools are available to you to enable access.

--

--

--

20 + years in an IT environment, working for companies such as Synstar, HP, DXC and Capgemini in a number of different service areas. Now a cyber CTF addict.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Privacy and Security on Social Media

Abusing Windows Cached Credentials in Metasploit

Do You Need a Customer Risk Assessment Tool?

risk assessment tool cover

Minifying XSS

$PFAN Listing on HotBit Feb 18! What You Should Know about our v1 to v2 PFAN Token migration

Controlling Data or Controlled by Data?

Georgia State researchers look to disrupt cybercriminal supply chains

The Cross-Chain Insider — LI.FI’s Weekly Cross-Chain Newsletter

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
James Pearson

James Pearson

20 + years in an IT environment, working for companies such as Synstar, HP, DXC and Capgemini in a number of different service areas. Now a cyber CTF addict.

More from Medium

Hack the Box — Appointment

[Cryptohack] Triple DES solution

Decode shikata ga nai with binary ninja — part 1

roottusk/vapi Writeup