Hack the Box – Meow

# Information:

Platform Name: Hack the Box

Machine Challenge: Meow

Machine Status: Starting Point

Challenge Level: Very Easy

# Used Tools:

  • Linux
  • nmap
  • telnet
  • terminal

# Challenge Description:

This challenge has a list of questions that need to be answered in order to retrieve the flag. We will answer every question.

# Writeup:

Task 1:

What does the acronym VM stand for?

Answer: VM stands for Virtual Machine. A Virtual Machine is a program that you can run on your computer that functions as a virtual computer.


Task 2:

What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN connection? It’s also known as a console or shell.

Answer: The tool that we use to issue commands is the terminal.


Task 3:

What service do we use to form our VPN connection into HTB labs?

Answer: For this one, we need to use the service openvpn. You can see how to do it in the video below.


Task 4:

What tool do we use to test our connection to the target with an ICMP echo request?”

Answer: To test our connection to the target we use the ping tool.

Ping sends an Internet Control Message Protocol (aka ICMP) echo request to the target host, and waits for an ICMP echo reply. If there’s a connection we will receive the following:

If there’s no connection we will receive the following:


Task 5:

What is the name of the most common tool for finding open ports on a target?”

Answer: When we do the ping we know if we’ve established a connection or not. In case that we’ve established a connection, we can try to see what ports are opened. The most common tool for finding open ports on a target is nmap.

We can use nmap in many ways and you can read about it on this web page.

In this case I used the switch -A because it will give me information about the OS, version, script scanning, and traceroute. You can see this in the image below.


Task 6:

What service do we identify on port 23/tcp during our scans?

Answer: As you can see in the image above, the service that is running on port 23 is telnet.

Telnet is used to virtually access a computer. So, that’s what we are going to try to do with the following command:

telnet <your IP here>


Task 7:

What username is able to log into the target over telnet with a blank password?

Answer: In this task we can try usernames like admin, administrator and root.

In this three usernames list, the one that allows us to login with a black password is the username root.

You can see the task 6 and 7 in the image below.


After we are in, we can list the documents, directories with the command ls. With this command we can see that there’s a text file named flag.txt.

To open and see the flag we can use the command:

cat flag.txt

The flag is:

Show flag
b40abdfe23665f766f9c61ecba8a4c19


Check out our video about this HackTheBox challenge!


Thank you very much for reading!

Cheers,

SoBatista


Leave a Reply

Your email address will not be published. Required fields are marked *