#1 Meow - Starting Point - Hack The Box || Complete detailed Walkthrough

Hack the Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests.


Before we start with our very first vulnerable machine, make sure you are connected with the target's network and know your way around a terminal.

Settings Up

Step 1: Connect To HTB

If you want to get connected with the HTB network, then click on “connect to HTB”. Now from here choose your "machine type". If you are at beginner level then choose for "starting point" or if you are at intermediate level then you can choose machine.

Step 2: Choose Starting Point

When visiting the Starting Point lab's page, you might have been prompted to pick between a Pwnbox connection or a VPN configuration file that you can download and run on your Virtual Machine.
Now you might have been prompted to pick between a Pwnbox connection or a VPN configuration file that you can download and run on your Local Machine.


Method 1: 

Running Pwnbox is straightforward, and you do not require any additional steps to connect to the target machine. If you boot up a new instance of Pwnbox under the Starting Point option, you will be automatically placed in the same network as the target.

Method 2:

If you choose to download the VPN (.ovpn) configuration file, then we have to download the OpenVPN application.

Step 3: Download OpenVPN 

Click this link to download OpenVPN: https://openvpn.net/download-open-vpn/ and install it.

Step 4: Upload the “.ovpn”

Browse the .ovpn file that you have downloaded in Step 2 > Method 2, and click connect to get connected with HTB.

Now our connection is established, and ready to start our first mission that is meow.


When we first start a penetration test or any security evaluation on a target, a primary step is known as Enumeration. This step consists of documenting the current state of the target to learn as much as possible about it. Since you are now on the same Virtual Private Network (VPN) as the target, you can directly access it as any user would.


If the target is a web server, running a public web page, you can navigate to its IP address to see what the page contains. If the target is a storage server, you can connect to it using the same IP address to explore the files and folders stored on it, provided that you have the necessary credentials. 

How do you find these services? You cannot manually search for them because it would take a long time. Every server uses ports in order to serve data to other clients.

The first steps in the Enumeration phase involve scanning these open ports to see the purpose of the target on the network and what potential vulnerabilities might appear from the services running on it. In order to quickly scan for ports, we can use a tool called Nmap.


After our VPN connection is successfully established, we can ping the target's IP address to see if our packets reach their destination. You can take the IP address of your current target from the Starting Point lab's page and paste it into "Command Prompt".

After successful replies from the target, we can determine that our connection is formed and stable.

From here, we can proceed with for next step that is scanning all of the target's open ports to determine which services running on it. In order to start the scanning process, we are going to use the following command with the help of the Nmap script.

Nmap stands for Network Mapper, and it will send requests to the target's ports in hopes of receiving a reply, thus determining if the said port is open or not. Some ports are used by default by certain services. Others might be non-standard, which is why we will be using the service detection flag -sV to determine the name and description of the identified services.

Following the completion of the scan, and we have identified that port 23/TCP is in an open state, running the telnet service.

What Telnet is?

Telnet is an old service used for remote management of other hosts on the network. 

To install telnet on WSL:

└─$apt-get install telnet

Since the target is running the "Telnet" service, so it can receive telnet connection requests from other hosts in the network (such as ourselves) by using this command.

└─$ telnet

Usually, connection requests through telnet are configured with a username and password combinations for increased security. We can see this is the case for our target, as we are met with a Hack the Box banner and a request from the target to authenticate ourselves before being allowed to proceed with remote management of the target host.

We will need to find some credentials that work to continue since there are no other ports open on the target that we could explore.


Sometimes, due to configuration mistakes, some important accounts can be left with blank passwords for the sake of accessibility. This is a significant issue with some network devices or hosts, leaving them open to simple brute-forcing attacks, where the attacker can try logging in sequentially, using a list of usernames with no password input. Some typical important accounts have self-explanatory names, such as:
  • Admin
  • Administrator
  • Root

Let’s attempt logging in with these credentials in hopes that one of them exists and has a blank password.

The first two were not so lucky for us. When things look down, it is essential to keep going, be persistent. We can't succeed unless we attempt all possibilities. Let us try the last one.

Success! We have logged into the target system. We can now go ahead and take a look around the directory we landed in using the ls command. There is a possibility we might find what we are looking for.

The flag.txt file is our target in this case. Most of Hack The Box's targets will have one of these files, which will contain a hash value called a flag.

The naming convention for these targeted files varies from lab to lab. For example, weekly and retired machines will have two flags, namely “user.txt and root.txt”.You can read the file to have the hash value displayed in the terminal using the cat command:

root@meow:~# ls
flag.txt snap
root@meow:~# cat flag.txt

Copying the flag and pasting it into the Starting Point lab's page will grant you ownership of this machine, completing your very first task.

Task Solution/ Answer:

TASK 1: What does the acronym VM stand for?

Ans. Virtual Machine

TASK 2: What tool do we use to interact with the operating system in order to start our VPN connection?

Ans. Terminal

TASK 3: What service do we use to form our VPN connection?

Ans. OpenVPN

TASK 4: What is the abreviated name for a tunnel interface in the output of your VPN boot-up sequence output?

Ans. tun

TASK 5: What tool do we use to test our connection to the target?

Ans. Ping

TASK 6: What is the name of the script we use to scan the target's ports?

Ans. nmap

TASK 7: What service do we identify on port 23/tcp during our scans?

Ans. telnet

TASK 8: What username ultimately works with the remote management login prompt for the target?

Ans. root

Post a Comment

If you have any doubts or any queries you can specify here.

أحدث أقدم