Dear Friend, welcome to HaXeZ where today we’re looking at one of the Hack The Box Machines called Meow. This machine is part of the Tier 0 starting point boxes and is regarded as a very easy box. Additionaly, there are a number of questions that you need to answer in order to complete this machine. First we need to connect to the VPN. In order to do that click on the Starting Point link and download the OpenVPN files.
Connect To The Hack The Box VPN
Once you have the files downloaded, put them in your Virtual Machines shared folder. If you don’t know where that is then please see my guide on creating a virtual machine shared folder. Once the file is in your shared folder, boot your Virtual Machine and log in. Next you need to either navigate to the mount point of your shared folder or put the full file path in the following command.
┌──(kali㉿kali)-[/media/sf_OneDrive/Hack The Box/VPN] └─$ ls starting_point_HaXeZ.ovpn ┌──(kali㉿kali)-[/media/sf_OneDrive/Hack The Box/VPN] └─$ sudo openvpn starting_point_HaXeZ.ovpn 2022-04-29 08:28:32 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set. ---SNIP--- 2022-04-29 08:41:55 Initialization Sequence Completed
You should have now successfully complete the first challenge.
Spawn The Machine
Further down the page you should see question two with an option to spawn the box. Click on the spawn the box link and it should do just that. Additionally, once the box has been spawn you should see an IP address. Essentially, this is the address for the box that we will use to communicate with it.
You can now probably answer the next few questions too. The next one should be what does the acronym VM stand for? The answer is Virtual Machine.
The next question is what tool do we use to interact with the operating system in order to start our VPN connection? That will be the terminal.
After that, it asks What is the abbreviated name for a tunnel interface in the output of your VPN boot-up sequence output? You can find this out by running ifconfig on your virtual machine. If snipped out my eth0 and loop back address and some other information but you can see that the abbreviated name is tun.
┌──(kali㉿kali)-[/media/sf_OneDrive/Hack The Box/Machines/Meow] └─$ ifconfig tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500 inet 10.10.15.119 netmask 255.255.254.0 destination 10.10.15.119
Ping The Machine
Now that the box has been spawn and you know its address, it’s time to see whether we can talk to it. In order to do that we’re going to use the ‘ping’ command.
┌──(kali㉿kali)-[/media/sf_OneDrive/Hack The Box/Machines/Meow] └─$ sudo ping 10.129.122.207 | tee -a ping.txt PING 10.129.122.207 (10.129.122.207) 56(84) bytes of data. 64 bytes from 10.129.122.207: icmp_seq=1 ttl=63 time=15.6 ms
Which should now allow you to answer the next question which is what tool do we use to test our connection to the target? The answer is ping.
NMAP The Machine
Next we need to find out what services are available for us to talk to on the box. In order to do that we will use NMAP.
┌──(kali㉿kali)-[/media/sf_OneDrive/Hack The Box/Machines/Meow] └─$ sudo nmap -sC -sV -p- 10.129.122.207 | tee -a nmap.txt Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-29 08:42 EDT Nmap scan report for 10.129.122.207 Host is up (0.036s latency). Not shown: 65534 closed tcp ports (reset) PORT STATE SERVICE VERSION 23/tcp open telnet Linux telnetd Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Furthermore, you should now be able to answer the next question which is what is the name of the tool we use to scan the targets ports? The answer is nmap.
Telnet To The Box
The results from the nmap scan showed us that port 23 or telnet is open on the box. There were no other services listening so we should attempt to connect to telnet to see what’s running. In order to do this we need to type the telnet command followed by the ip address and then the port. Include spaces between each entity.
┌──(kali㉿kali)-[/media/sf_OneDrive/Hack The Box/Machines/Meow] └─$ sudo telnet 10.129.122.207 23 Trying 10.129.122.207... Connected to 10.129.122.207. Escape character is '^]'. █ █ ▐▌ ▄█▄ █ ▄▄▄▄ █▄▄█ ▀▀█ █▀▀ ▐▌▄▀ █ █▀█ █▀█ █▌▄█ ▄▀▀▄ ▀▄▀ █ █ █▄█ █▄▄ ▐█▀▄ █ █ █ █▄▄ █▌▄█ ▀▄▄▀ █▀█ Meow login: Administrator Password: Login incorrect
After a bit of time waiting, we are greeted with an ascii hack the box logo. This should allow you to answer the next question which is what service do we identify on port 23/tcp during our scans? The answer is telnet.
Login To The Box
We now need to login to the box but we don’t have any credentials. However telnet is predominantly a windows service so we can try logging in with Administrator or admin but those don’t work. However, if we try logging in as root with a blank password then we are successfully authenticated.
┌──(kali㉿kali)-[/media/sf_OneDrive/Hack The Box/Machines/Meow] └─$ sudo telnet 10.129.122.207 23 Trying 10.129.122.207... Connected to 10.129.122.207. Escape character is '^]'. █ █ ▐▌ ▄█▄ █ ▄▄▄▄ █▄▄█ ▀▀█ █▀▀ ▐▌▄▀ █ █▀█ █▀█ █▌▄█ ▄▀▀▄ ▀▄▀ █ █ █▄█ █▄▄ ▐█▀▄ █ █ █ █▄▄ █▌▄█ ▀▄▄▀ █▀█ Meow login: Administrator Password: Login incorrect Meow login: root Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-77-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage
After logging in we can see that the box is in fact Linux and running the Ubuntu operating system. We should now be able to answer the next question which is what username ultimately works with the remote management login prompt for the target. The answer is root.
Capture The Flag
Finally we now need to capture the flag. Fortunately they haven’t hidden it from us and we list out the directory we are currently in and see the file. Then all we need to do is cat that file and submit the flag to the web page.
Last login: Mon Sep 6 15:15:23 UTC 2021 from 10.10.14.18 on pts/0 [email protected]:~# ls flag.txt snap [email protected]:~# cat flag.txt b40abdfe23665f766f9c61ecba8a4c19 [email protected]:~#
And that’s it, you should now have pwned meow and can move on to the next box. Congratulations.