Home

Writeups

YouTube Channel

Hack the Box - Meow

MEOW, part of the Starting Point section on Hack The Box, is an entry-level machine categorized as “very easy.” Designed conceptually, it serves as a primer for understanding how things work on the Hack The Box platform. The required steps to solve this machine are minimal, making it an ideal starting point for beginners. Essential skills include basic port scanning, familiarity with the telnet protocol, and utilizing default credentials. Additionally, a brute force approach can be employed for gaining access.

-> $ Tasks Overview

The task questions are introductory, some requiring you to Google information if you’re unfamiliar. I will address these below. Others demand enumeration and initial access to the machine.

-> $ Task 1: What does the acronym VM stand for ? - The acronym VM stands for Virtual Machine. Virtual machines are crucial components in the realm of cybersecurity, allowing users to simulate various operating environments within a single physical machine.

-> $ Task 2: What tool do we use to interact with the operating system to issue commands via the command line, such as the one to start our VPN connection? It's also known as a console or shell. - The tool used for interacting with the operating system via the command line, often referred to as a console or shell, is the terminal. It acts as a bridge between the user and the system, enabling the execution of commands and facilitating various operations.

-> $ Task 3:What service do we use to form our VPN connection into HTB labs? - To establish a secure VPN connection into Hack The Box labs, the OpenVPN service is employed. This service ensures a private and encrypted channel for communication between the user's machine and the Hack The Box platform.

-> $ Task 4: What tool do we use to test our connection to the target with an ICMP echo request?

- The tool of choice for testing connections with an ICMP echo request is the ping command. ICMP (Internet Control Message Protocol) is utilized to check the reachability of a network host, making it a fundamental tool for network troubleshooting.

-> $ Task 5: What is the name of the most common tool for finding open ports on a target? - Nmap stands out as the most common and versatile tool for discovering open ports on a target. It provides comprehensive information about the services running on those ports, aiding in the reconnaissance phase of penetration testing.

-> $ Enumeration

-> $ Port Scanning

To initiate the exploration of the MEOW machine, a port scan is performed using the command: nmap <host_ip> -F

This command efficiently scans the most common ports (-F param), revealing that port 23 is open and operating using the telnet protocol. Following this discovery, a more detailed scan is conducted:

				
					nmap <ip_adress> -p 23 -sCV
				
			

The service is telnet and version is telnetd and we solved the task 6. Despite yielding limited information, this prompts us to further investigate and connect via telnet so let’s attempt a telnet connection.

-> $ Task 6: What service do we identify on port 23/tcp during our scans?

- The service is telnet.

-> $ Initial Access

				
					telnet <host_ip>
				
			

Upon initiating a telnet connection, we are greeted with the distinctive Hack The Box banner message. Access can be swiftly achieved using default credentials or, for a more strategic approach, through a brute force attempt.

-> $ Brute Force

The hydra tool is harnessed for brute force endeavors:

				
					hydra -L <user_file> -P <pass_file> <victim_ip> telnet

				
			

Upon successful brute forcing, a noteworthy revelation emerges— the root username is universally valid for all passwords, indicating a lack of password requirements.

-> $ Task 7: What username is able to log into the target over telnet with a blank password? - The username is root. Now, connecting with the root account reveals our flag.

-> $ Task 8: Submit the root flag

-> $ General Review

MEOW serves as a foundational machine, offering invaluable insights into CTF (Capture The Flag) basics and acting as a gentle initiation into the Hack The Box platform. This machine emphasizes essential skills in port scanning, credential stuffing, and introduces the concept of brute force as a means of gaining access. As we embark on subsequent writeups, MEOW marks the inception of our journey. Stay tuned for more in-depth explorations!