Hack The Box Starting Point #1: Meow

Sean Macander
7 min read1 day ago

--

Welcome to my series of Hack The Box Write Ups! I am an analyst in Deloitte Consulting’s Cloud Engineering practice. Though I apply cyber security principles in my day-to-day work serving clients, I find it difficult to maintain some of the more technical skills. I hope that as I work through Hack The Box, I can document what I have accomplished and sharpen my penetration testing skills. Thanks for reading, and I would love to hear your feedback!

Connect

To launch an attack on the target machine, you need to be on the same network. You can connect to the Starting Point VPN using one of the options that Hack the Box provides.

The first option is to connect using Pwnbox, Hack the Box’s recommended method. Pwnbox is a browser-based virtual machine, preconfigured with all the essential hacking tools installed. Hack The Box will give you two free hours of Pwnbox, and you can upgrade to VIP+ for unlimited access.

After clicking the option above, configure your settings based on your location. I am in the eastern side of the US, so my best options are:

  1. PWNBOX LOCATION: United States East
  2. VPN ACCESS: US — Starting Point
  3. VPN SERVER: Any

Once you have made your appropriate configurations, click ‘START PWNBOX.’

Once you have this view, you can open up the PwnBox in a Window in your browser!

The other option is to connect using OpenVPN. Connecting through OpenVPN will allow you to use your own machine for hacking by downloading your VPN configuration and connecting from your own setup. A user might prefer OpenVPN over PwnBox to work within their own environment, allowing for greater familiarity, customization, and control over resources. Their local setup may include additional tools, persistent files, and specific configurations not available on PwnBox. OpenVPN also offers network flexibility, letting users control traffic and switch between VPNs as needed.

A virtual machine (VM) is needed to connect through OpenVPN. Using a VM for HTB activities is essential for security, flexibility, and system integration. VMs provide isolation, protecting your physical machine from malicious code and ensuring that network activity remains contained, reducing risks to your local environment. The ability to create snapshots allows you to revert to a clean state if anything goes wrong, offering a safety net during complex testing.

To use a VM, first you need a hypervisor. I recommend using VirtualBox, which is a hosted hypervisor developed by Oracle Corporation. You can download it here: Downloads — Oracle VirtualBox.

Next, you will need an operating system to spin up a virtual machine. I recommend using Parrot OS, which is focused on security, privacy, and development. You can download it here: Parrot Security

Once you download the .iso file, use ParrotOS’s documentation to help set up the VM: VirtualBox | ParrotOS Documentation

TIP: When using VirtualBox, you may need to enable VT-x (Virtualization) Technology in your computer’s BIOS. This is different computer-to-computer, but you can use this stackoverflow question as a starting point: android — Enable VT-x in your BIOS security settings (refer to documentation for your computer) — Stack Overflow

Finally, we can connect to HackTheBox!

After clicking the option above, configure your settings based on your location. I am in the eastern side of the US, so my best options are:

  1. VPN ACCESS: US — Starting Point
  2. VPN SERVER: Any

Start with UDP 1337 for better performance. Switch to TCP 443 if you encounter connectivity issues, high packet loss, or are on a restricted network.

Once you click download, you will get an .ovpn file. Then, put the file on your VM (you can configure the VM to allow drag and drop). Finally, use the command below to connect to HTB!

openvpn — config <filename>.ovpn

You will have to leave this terminal window open while you are connected. If the connection was successful, you will see that you are connected in the HTB Window:

The HTB guide to connecting through OpenVPN can be found here: Introduction to Lab Access | Hack The Box Help Center

Spawn Machine

Now that we have set up our lab with PwnBox, we will generate the machine that we will be hacking. To do this, press the ‘Spawn Machine’ button in the lab.

After a few minutes, the machine will be spawned and an IP will be provided.

You can test the connection on your machine by pinging it:

Tasks

Hack The Box has provided some tasks to help us guide through the starting point labs. These provide a great introduction into some of the terms and tools we use to hack machines. A lot of the answers to these tasks were used in the setup and configuration of the lab.

Task 1

What does the acronym VM stand for?

The acronym VM commonly stands for Virtual Machine in computing.

A Virtual Machine is a software-based emulation of a physical computer that runs an operating system and applications, isolated from the host system. It is widely used for testing, development, and running multiple operating systems on the same hardware.

Task 2

What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN connection? It’s also known as a console or shell.

The tool this task is referring to is called a Terminal or Command-Line Interface (CLI).

In different operating systems, it may be known by various names:

  • Linux/macOS: Terminal or Shell (e.g., Bash, Zsh).
  • Windows: Command Prompt (cmd) or PowerShell.
  • Cross-Platform: Windows Subsystem for Linux (WSL) or Terminal emulators like PuTTY and Hyper.

These tools allow users to interact with the operating system by issuing text-based commands, such as starting a VPN connection using command-line utilities.

Task 3

What service do we use to form our VPN connection into HTB labs?

The service used to form a VPN connection into Hack The Box (HTB) labs is OpenVPN.

OpenVPN is a popular open-source VPN client that allows secure tunneling into HTB’s private lab environments. Users download a unique VPN configuration file (.ovpn) from their HTB account, which contains the necessary settings and credentials to establish the connection.

To connect, the typical command is:

openvpn — config <filename>.ovpn

This creates a secure connection to the HTB network, enabling access to target machines and challenges within the labs.

Task 4

What tool do we use to test our connection to the target with an ICMP echo request?

The tool commonly used to test a connection to a target with an ICMP echo request is the ping command.

In a terminal, type:

ping <target-ip-or-hostname>

Example:

ping 10.10.10.10

ping sends ICMP echo request packets to the target and waits for an ICMP echo reply. It provides information such as: whether the target is reachable, round-trip time (RTT) for packets to travel to the target and back, and packet loss, if any.

Some systems or firewalls might block ICMP traffic, so ping may not always work, even if the target is up. If ping is unsuccessful due to ICMP being blocked, you can use other tools like nmap or try connecting on specific ports to verify the target’s availability.

Task 5

What is the name of the most common tool for finding open ports on a target?

The most common tool for finding open ports on a target is nmap (Network Mapper).

nmap is a powerful and widely-used network scanning tool design to discover hosts and services on a network. It identified open ports, running services, and even operating system details.

To scan for open ports on a target:

nmap <target-ip>

Example:

nmap 10.10.10.10

Task 6

What service do we identify on port 23/tcp during our scans?

When using nmap on the target machine, this is the result:

As we can see, telnet is the service we identified.

Task 7

What username is able to log into the target over telnet with a blank password?

When penetration testing, you will often run into an insecure or default login. If you find a service like telnet available on a machine, it is good practice to try to login using default usernames and passwords. It is provided that a username can login without a password, so it is our job to log in without a password.

Usernames I used to try and login, with the last one being the answer: admin, administrator, root.

Once you have access, the flag is there in the home directory! Congrats!

--

--

Sean Macander
Sean Macander

Written by Sean Macander

0 Followers

Cloud Engineering Analyst at Deloitte Consulting, focused on driving innovation and improving systems through technology. Lifelong learner and problem solver.

No responses yet