Hack The Box — Meow

HTB Tags: #Linux #Network #AccountMisconfiguration.

This was the very first box in the Starting Point, sixteen target series. So lets make a start and as with any challenge, we start with enumeration.

Having already set up the VPN for Starting Point and ensured that the target was up and running with the provided IP address, let’s see if we can see it and engage.

ping

So what is ping? It is simply a command line method of querying another computer on a network to determine if there is a connection to it. It will provide a binary return in the sence that each ping will either work or it won’t. In order to engage with a machine we should be able to provide a constant string of pings with a successful return result.

ping $IP -c 4

Now that we have successfully pinged this target four times successfully, we can be sure that the link is stable enough to continue. For reference we used the -c or count switch that will stop after <count> replies. Let’s continue and check for open ports on the target.

nmap

So what is nmap? Straight from the horses mouth (or rather their website:

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing.

This will allow us find and check the network connectivity for our target and how we can interact with it.

nmap $IP

Using nmap on the default setting, we have found port 23 (telnet) open, so we can use it to access the target. Futher details can be found here: https://www.speedguide.net/port.php?port=23

telnet

It is a network protocol that allows communication between a user on one computer to log into another computer that is part of the same network infrastructure. So let’s see what it provides us with.

telnet $IP

service access

As the first target, we were really just looking to enumerate the box and once we had found the port number and therefore the method to gain access to it, the supplied default logins, such as admin, administrator or root should be tested. Looks like we get in with root.

exploit and find the flag

With access as root, we can look for the flag. Normally each box has two flags. These are found in user.txt and root.txt. These are then entered into the HTB console to capture the flag.

summary

This was a nice machine that introduces two important elements within enumeration. Firstly, communicating with a system by ensuring it is availble (ping) and secondly, ensuring that you understand the available ports, what they can and indeed what tools are available to you to enable access.