Meow is one of the first vulnerable machines to pwn within the first tier. It gives us an understanding of the basics of penetration testing and how to get started with HTB (Hack The Box). Being the starting point, we will explore how to use the workstation that is provided and get a starting point on using a different operating system (well, for me at least). The operating system used within Meow is Linux.

My understanding of the intro paragraph (within the write up)

The very first step in any penetration test or security assessment is known as enumeration. We need to gather information about our target so we can understand what it is, which services it uses, and how it behaves. This process also makes it easier to identify any weaknesses, helping us find ways to penetrate the target ʕ ͡° ͜ʖ ͡° ʔ.

Usually, for these tasks, we need to be on the same network as the target, so we use VPNs to do this. Once connected, we can do a variety of things right away. We can interact with the target as if we were normal users on the network. If it’s a web server, we can visit its IP address in a browser to see the website or discover what it’s hosting. If it’s a file or storage server, we can connect to its IP and explore its files (assuming we have valid login credentials).

One thing to note about servers is that they use ports. These ports serve data to other clients or networks. As part of the enumeration process, we often scan these ports using a tool called “nmap.” This tool helps us identify which ports are open, which services are running, and what OS or software the target might be using. From this step alone, we can gain an understanding of the target’s purpose within the network and any potential vulnerabilities it may have.

Using this information, we employ various tools and techniques to try accessing the server on these ports and conduct our own research about them. Different services require different tools and methods. For example, for a website running on port 80, you would typically use a web browser, while a file-sharing service on port 445 would call for SMB tools.

All this knowledge comes with time, practice, and research. Studying tools, systems, and vulnerabilities is a critical part of penetration testing, as it enables you to compromise the target effectively. The overall goal is to be meticulous and careful: we must avoid rushing and overlooking steps at any phase of the test.

Enumeration

Expanding on the points made in the previous section, after the VPN connection has been established we would ping the target IP address using the ‘ping’ command in the terminal.

(With HTB, they typically provide a target IP for us to practice on. This lets us follow the recommended steps and the accompanying write-ups to learn and understand what’s happening at each stage.)

If we get four successful replies, we can establish that the provided IP address is working and stable. This step is important to confirm the accuracy of our information and avoid wasting time on an unstable or non-functioning IP address.

Usually the replies would go on forever, so we use the shortcut ‘ctrl+c’ to cancel the ping command. This shortcut isn’t exclusive to ping; it can be used on mostly everything else unless stated otherwise.

Now that we’ve confirmed the IP is accessible, we can use Nmap (Network Mapper) to scan the target’s ports. Nmap identifies open ports and determines which servers or services are running on them. We also use the ‘-sV’ flag for service detection, giving us more details about the services the target is using.

After about 10.50 seconds (at least for me), we can see the results of the scan. It appears that one port is open on the target: port 23. We can also see that the service is Telnet, and its version is “linux telnet.” Although this might seem like a small amount of information, it can actually be quite valuable. A quick Google search gives us some information.

From a simple search, we learn that Telnet (port 23) is a client/server application protocol that provides access to virtual terminals of remote systems on local area networks or the Internet. In basic terms, it’s a remote access CLI tool. Additional research shows that Telnet is an older tool that isn’t widely used anymore because it lacks modern encryption features and isn’t secure for transmitting sensitive data.
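To make “lacks modern encryption” concrete, the added example below (not part of the original write-up) parses one constructed Telnet exchange and shows that, once the protocol’s option-negotiation bytes are stripped, the prompts and typed credentials are readable as-is by anyone on the network path. The capture bytes, the username `alice` and the password are constructed sample values, not data from the Meow machine.

```python
# Added example: separate Telnet option negotiation from the data a sniffer can read.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240


def strip_telnet_negotiation(stream: bytes) -> bytes:
    """Return only the application data from one direction of a Telnet stream."""
    out = bytearray()
    i = 0
    while i < len(stream):
        byte = stream[i]
        if byte != IAC:
            out.append(byte)          # ordinary data, sent unencrypted
            i += 1
        elif i + 1 >= len(stream):
            break                     # truncated command at end of capture
        elif stream[i + 1] == IAC:
            out.append(IAC)           # IAC IAC is an escaped literal 0xFF
            i += 2
        elif stream[i + 1] in (DO, DONT, WILL, WONT):
            i += 3                    # IAC <verb> <option>
        elif stream[i + 1] == SB:
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break                 # unterminated subnegotiation
            i = end + 2               # simplified: ignores an escaped 0xFF inside SB
        else:
            i += 2                    # other two-byte commands (NOP, GA, ...)
    return bytes(out)


# Constructed capture, not taken from the Meow machine.
SERVER_TO_CLIENT = bytes([IAC, DO, 24, IAC, WILL, 1]) + b"login: " + b"Password: "
CLIENT_TO_SERVER = (
    bytes([IAC, WILL, 24, IAC, SB, 24, 0]) + b"xterm" + bytes([IAC, SE])
    + b"alice\r\n" + b"example-password\r\n"
)


def observed_session():
    """What a passive observer on the network path recovers from both directions."""
    return (
        strip_telnet_negotiation(SERVER_TO_CLIENT).decode("ascii"),
        strip_telnet_negotiation(CLIENT_TO_SERVER).decode("ascii"),
    )


if __name__ == "__main__":
    prompts, typed = observed_session()
    print("server sent:", repr(prompts))
    print("client sent:", repr(typed))
```

This is the reason remote administration moved to SSH: the same login over an encrypted channel would leave nothing readable in a capture.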

For us this is good news: the lack of modern encryption and secure transmission means it’s easier for us to get into it.

Telnet

The way that Telnet keeps its connection secure is a login configuration with a combination of usernames and passwords, and that is our next issue to look into.

Now we need to get connected to the Telnet service. We do this with the command ‘telnet {target_ip}’.

Now that we are connected to the target IP via telnet command, we need to figure out how to get into the ‘secure’ target and explore it. 

Understanding the foothold paragraph (in the write up)

Important accounts (like admin, administrator, or root) can sometimes have no password due to configuration errors, making them easy targets for brute-force attacks. An attacker can try these known usernames, either manually or with automated scripts using wordlists. Ensuring these accounts have secure passwords helps prevent such attacks.
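On the defensive side, the misconfiguration described above can be checked for directly. The added example below (not from the original write-up) audits entries in the Linux `/etc/shadow` format, where an empty second field means the account accepts a login with no password; the sample entries are constructed, and the list of privileged names is taken from the paragraph above.

```python
# Added example: flag accounts that accept a login with no password.
PRIVILEGED = {"root", "admin", "administrator"}  # names the paragraph above calls out

# Constructed sample in /etc/shadow format (name:password:lastchange:...).
SAMPLE_SHADOW = """\
root::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
admin:$6$constructedsalt$constructedhash:19000:0:99999:7:::
backup:!:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""


def audit_shadow(text):
    """Return (account, severity) for every entry whose password field is empty."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue                      # malformed entry, nothing to evaluate
        name, password = fields[0], fields[1]
        # "*" or a leading "!" means no password can match; a hash means one is set.
        # Only a completely empty field lets the account in without a password.
        if password == "":
            severity = "critical" if name.lower() in PRIVILEGED else "high"
            findings.append((name, severity))
    return findings


if __name__ == "__main__":
    for name, severity in audit_shadow(SAMPLE_SHADOW):
        print(f"[{severity}] {name}: empty password field")
```

Each finding is resolved by setting a password with `passwd` or locking the account with `passwd -l`.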

Usually we don’t get things correct the first time, so we just keep going until we get something that works! Unfortunately telnet is the only way to get in as it’s the only open port.

Nice! Root worked, and without the need for a password as well. Now that that has worked, we can explore the directory. As this is Linux, we need to use the ‘ls’ command (lowercase L, NOT uppercase I).

Looks like we have found the flag, let’s capture it! We use the command ‘cat flag.txt’; the cat command displays the contents of the text file within the terminal.

The flag is something that we need to find to pwn the ‘box’. It simply means we did it with HTB and compromised the target IP. The Flag.txt would simply contain a hash key that would then be 

That’s it for the machine, next post we shall explore the questions and answers of the quiz about Meow! Now let’s code ‘em all! ʕ -ᴥ•ʔ♡
