Writeups
YouTube Channel
Hack the Box - Meow
MEOW, part of the Starting Point section on Hack The Box, is an entry-level machine categorized as “very easy.” Designed conceptually, it serves as a primer for understanding how things work on the Hack The Box platform. The required steps to solve this machine are minimal, making it an ideal starting point for beginners. Essential skills include basic port scanning, familiarity with the telnet protocol, and utilizing default credentials. Additionally, a brute force approach can be employed for gaining access.
-> $ Tasks Overview
-> $ Task 1: What does the acronym VM stand for ? - The acronym VM stands for Virtual Machine. Virtual machines are crucial components in the realm of cybersecurity, allowing users to simulate various operating environments within a single physical machine.
-> $ Task 2: What tool do we use to interact with the operating system to issue commands via the command line, such as the one to start our VPN connection? It's also known as a console or shell. - The tool used for interacting with the operating system via the command line, often referred to as a console or shell, is the terminal. It acts as a bridge between the user and the system, enabling the execution of commands and facilitating various operations.
-> $ Task 3:What service do we use to form our VPN connection into HTB labs? - To establish a secure VPN connection into Hack The Box labs, the OpenVPN service is employed. This service ensures a private and encrypted channel for communication between the user's machine and the Hack The Box platform.
-> $ Task 4: What tool do we use to test our connection to the target with an ICMP echo request?
- The tool of choice for testing connections with an ICMP echo request is the ping command. ICMP (Internet Control Message Protocol) is utilized to check the reachability of a network host, making it a fundamental tool for network troubleshooting.
-> $ Task 5: What is the name of the most common tool for finding open ports on a target? - Nmap stands out as the most common and versatile tool for discovering open ports on a target. It provides comprehensive information about the services running on those ports, aiding in the reconnaissance phase of penetration testing.
-> $ Enumeration
-> $ Port Scanning
To initiate the exploration of the MEOW machine, a port scan is performed using the command: nmap <host_ip> -F
This command efficiently scans the most common ports (-F param), revealing that port 23 is open and operating using the telnet protocol. Following this discovery, a more detailed scan is conducted:
nmap <ip_adress> -p 23 -sCV
The service is telnet and version is telnetd and we solved the task 6. Despite yielding limited information, this prompts us to further investigate and connect via telnet so let’s attempt a telnet connection.
-> $ Task 6: What service do we identify on port 23/tcp during our scans?
- The service is telnet.
-> $ Initial Access
telnet <host_ip>
Upon initiating a telnet connection, we are greeted with the distinctive Hack The Box banner message. Access can be swiftly achieved using default credentials or, for a more strategic approach, through a brute force attempt.
-> $ Brute Force
The hydra tool is harnessed for brute force endeavors:
hydra -L <user_file> -P <pass_file> <victim_ip> telnet
Upon successful brute forcing, a noteworthy revelation emerges— the root username is universally valid for all passwords, indicating a lack of password requirements.
-> $ Task 7: What username is able to log into the target over telnet with a blank password? - The username is root. Now, connecting with the root account reveals our flag.
-> $ Task 8: Submit the root flag
