Fala Rapaziada, beleza?
Hoje vou trazer a resolução da máquina Meow do Starting Point do HTB.
Primeiramente fiz a invasão na máquina, depois respondi as tarefas. Como se trata de uma máquina nível 0 para quem está iniciando seus estudos em pentest, a resulação dela é bem simples.
Comecei rodando o nmap para verificar as portas abertas.
A única porta encontrada foi a porta 23 (telnet)
nmap -sSV -Pn -p- 10.129.1.17 --min-rate=1000 Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-05 08:49 EST Nmap scan report for 10.129.1.17 Host is up (0.19s latency). Not shown: 65534 closed tcp ports (reset) PORT STATE SERVICE VERSION 23/tcp open telnet Linux telnetd Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 80.84 seconds
Após descobrir a porta, tentei conectar na porta usando o telnet.
Consegui acesso a máquina com a credencial root, sem senha:
Pass: (em branco / sem senha)
Com acesso já consegui capturar a flag flag.txt.
telnet 10.129.1.17 Trying 10.129.1.17... Connected to 10.129.1.17. Escape character is '^]'. █ █ ▐▌ ▄█▄ █ ▄▄▄▄ █▄▄█ ▀▀█ █▀▀ ▐▌▄▀ █ █▀█ █▀█ █▌▄█ ▄▀▀▄ ▀▄▀ █ █ █▄█ █▄▄ ▐█▀▄ █ █ █ █▄▄ █▌▄█ ▀▄▄▀ █▀█ Meow login: root Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-77-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage System information as of Sun 05 Feb 2023 01:54:38 PM UTC System load: 0.0 Usage of /: 41.7% of 7.75GB Memory usage: 4% Swap usage: 0% Processes: 137 Users logged in: 0 IPv4 address for eth0: 10.129.1.17 IPv6 address for eth0: dead:beef::250:56ff:fe96:a082 * Super-optimized for small spaces - read how we shrank the memory footprint of MicroK8s to make it the smallest full K8s around. https://ubuntu.com/blog/microk8s-memory-optimisation 75 updates can be applied immediately. 31 of these updates are standard security updates. To see these additional updates run: apt list --upgradable The list of available updates is more than a week old. To check for new updates run: sudo apt update Last login: Mon Sep 6 15:15:23 UTC 2021 from 10.10.14.18 on pts/0 root@Meow:~# root@Meow:~# ls flag.txt snap root@Meow:~# cat flag.txt b40abdfe23665f7XXXXXXXXXXXXX
Task 1 – What does the acronym VM stand for?
R: Virtual Machine
Task 2 – What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN connection? It’s also known as a console or shell.
Task 3 – What service do we use to form our VPN connection into HTB labs?
Task 4 – What is the abbreviated name for a ‘tunnel interface’ in the output of your VPN boot-up sequence output?
Task 5 – What tool do we use to test our connection to the target with an ICMP echo request?
Task 6 – What is the name of the most common tool for finding open ports on a target?
Task 7 – What service do we identify on port 23/tcp during our scans?
Task 8 – What username is able to log into the target over telnet with a blank password?