Meow
Connect to Starting Point VPN before starting the machine:
1
└─$ sudo openvpn starting_point_YrnCollo.ovpn
Nmap results
1
2
3
4
5
6
7
8
9
10
11
12
13
14
└─$ nmap -sV -sC -T4 10.129.57.107
Starting Nmap 7.92 ( https://nmap.org ) at 2022-09-22 14:22 EAT
Nmap scan report for 10.129.57.107
Host is up (0.31s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
23/tcp open telnet Linux telnetd
1057/tcp filtered startron
3370/tcp filtered satvid-datalnk
32770/tcp filtered sometimes-rpc3
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 64.21 seconds
Task 1
What does the acronym VM stand for?
Answer: Virtual Machine
Task 2
What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN connection? It’s also known as a console or shell.
Answer: Shell
Task 3
What service do we use to form our VPN connection into HTB labs?
Answer: openvpn
Task 4
What is the abbreviated name for a 'tunnel interface' in the output of your VPN boot-up sequence output?
Answer: Tun
Task 5
What tool do we use to test our connection to the target with an ICMP echo request?
Answer: ping
Task 6
What is the name of the most common tool for finding open ports on a target?
Answer: nmap
Task 7
What service do we identify on port 23/tcp during our scans?
Answer: Telnet
Task 8
What username is able to log into the target over telnet with a blank password?
Answer: root
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
─$ telnet 10.129.57.107 1 ⨯
Trying 10.129.57.107...
Connected to 10.129.57.107.
Escape character is '^]'.
█ █ ▐▌ ▄█▄ █ ▄▄▄▄
█▄▄█ ▀▀█ █▀▀ ▐▌▄▀ █ █▀█ █▀█ █▌▄█ ▄▀▀▄ ▀▄▀
█ █ █▄█ █▄▄ ▐█▀▄ █ █ █ █▄▄ █▌▄█ ▀▄▄▀ █▀█
Meow login: root
Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-77-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Thu 22 Sep 2022 11:26:05 AM UTC
System load: 0.0
Usage of /: 41.7% of 7.75GB
Memory usage: 4%
Swap usage: 0%
Processes: 147
Users logged in: 0
IPv4 address for eth0: 10.129.57.107
IPv6 address for eth0: dead:beef::250:56ff:feb9:f05
* Super-optimized for small spaces - read how we shrank the memory
footprint of MicroK8s to make it the smallest full K8s around.
https://ubuntu.com/blog/microk8s-memory-optimisation
75 updates can be applied immediately.
31 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable
The list of available updates is more than a week old.
To check for new updates run: sudo apt update
Last login: Mon Sep 6 15:15:23 UTC 2021 from 10.10.14.18 on pts/0
root@Meow:~#
Proof/flags
ifconfig
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
root@Meow:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.129.57.107 netmask 255.255.0.0 broadcast 10.129.255.255
inet6 dead:beef::250:56ff:feb9:f05 prefixlen 64 scopeid 0x0<global>
inet6 fe80::250:56ff:feb9:f05 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:b9:0f:05 txqueuelen 1000 (Ethernet)
RX packets 2663 bytes 196762 (196.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1718 bytes 99654 (99.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Root flag
1
2
root@Meow:~# cat flag.txt
b40abdfe****66***c61ecba***a4c19