Fala Rapaziada, beleza?
Hoje vou trazer a resolução da máquina Meow do Starting Point do HTB.
Primeiramente fiz a invasão na máquina, depois respondi as tarefas. Como se trata de uma máquina nível 0 para quem está iniciando seus estudos em pentest, a resulação dela é bem simples.
Invasão
Comecei rodando o nmap para verificar as portas abertas.
A única porta encontrada foi a porta 23 (telnet)
nmap -sSV -Pn -p- 10.129.1.17 --min-rate=1000
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-05 08:49 EST
Nmap scan report for 10.129.1.17
Host is up (0.19s latency).
Not shown: 65534 closed tcp ports (reset)
PORT STATE SERVICE VERSION
23/tcp open telnet Linux telnetd
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 80.84 seconds
Após descobrir a porta, tentei conectar na porta usando o telnet.
Consegui acesso a máquina com a credencial root, sem senha:
User: root
Pass: (em branco / sem senha)
Com acesso já consegui capturar a flag flag.txt.
telnet 10.129.1.17
Trying 10.129.1.17...
Connected to 10.129.1.17.
Escape character is '^]'.
█ █ ▐▌ ▄█▄ █ ▄▄▄▄
█▄▄█ ▀▀█ █▀▀ ▐▌▄▀ █ █▀█ █▀█ █▌▄█ ▄▀▀▄ ▀▄▀
█ █ █▄█ █▄▄ ▐█▀▄ █ █ █ █▄▄ █▌▄█ ▀▄▄▀ █▀█
Meow login: root
Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-77-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Sun 05 Feb 2023 01:54:38 PM UTC
System load: 0.0
Usage of /: 41.7% of 7.75GB
Memory usage: 4%
Swap usage: 0%
Processes: 137
Users logged in: 0
IPv4 address for eth0: 10.129.1.17
IPv6 address for eth0: dead:beef::250:56ff:fe96:a082
* Super-optimized for small spaces - read how we shrank the memory
footprint of MicroK8s to make it the smallest full K8s around.
https://ubuntu.com/blog/microk8s-memory-optimisation
75 updates can be applied immediately.
31 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable
The list of available updates is more than a week old.
To check for new updates run: sudo apt update
Last login: Mon Sep 6 15:15:23 UTC 2021 from 10.10.14.18 on pts/0
root@Meow:~#
root@Meow:~# ls
flag.txt snap
root@Meow:~# cat flag.txt
b40abdfe23665f7XXXXXXXXXXXXX
Respondendo Tarefas
Task 1 – What does the acronym VM stand for?
R: Virtual Machine
Task 2 – What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN connection? It’s also known as a console or shell.
R: Terminal
Task 3 – What service do we use to form our VPN connection into HTB labs?
R: openvpn
Task 4 – What is the abbreviated name for a ‘tunnel interface’ in the output of your VPN boot-up sequence output?
R: tun
Task 5 – What tool do we use to test our connection to the target with an ICMP echo request?
R: ping
Task 6 – What is the name of the most common tool for finding open ports on a target?
R: nmap
Task 7 – What service do we identify on port 23/tcp during our scans?
R: telnet
Task 8 – What username is able to log into the target over telnet with a blank password?
R: root
Submit flag
R: b40abdfe23665f7XXXXXXXXXXXXX
Seja o primeiro a comentar