Tier 0: HackTheBox Starting Point - 5 Machines - Full Walkthrough (for beginners)
Вставка
- Опубліковано 6 сер 2024
- Learn the basics of Penetration Testing: Video walkthrough for tier zero of the @HackTheBox "Starting Point" track; "the key is a strong foundation". We'll cover 5 different machines; Meow, Fawn, Dancing, Explosion and Preignition, exploring the basics of enumeration, service discovery, directory busting (fuzzing) and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
Sign up for HackTheBox: hacktheboxltd.sjv.io/xk75Yk
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
UA-cam: / cryptocat23
Twitch: / cryptocat23
↢HackTheBox↣
affiliate.hackthebox.com/cryp...
/ hackthebox_eu
/ discord
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com
Run Code: tio.run
Start: 0:00
Connect to VPN: 1:40
Meow: 5:17
Fawn: 10:20
Dancing: 18:20
Explosion: 25:19
Preignition: 38:05
End: 45:54 - Наука та технологія
What I like about the videos is that you allow yourself to make mistakes and keep going, you don't cut or edit anything. For those of us just starting out, this is helpful because we can empathize with the situation and see in real-time how you resolve problems when they arise. Thank you, greetings from Argentina.
Thanks mate, appreciated! The longer I've been making videos the more I've got in the habit of cutting parts out so as not to waste viewers time but maybe after your feedback I'll return to a more raw format 🥰
@@_CryptoCat yeah i always like the raw format, please
Great content! I love the flow you have as you go through these. Very natural and authentic.
Thank you! Very much appreciate it 😊
this guy is the guy I wanna be in about 2/3 years. If I am consistent and keep practicing I feel like I can get to this level and he gives me hope. Thanks so much for the content! new subscriber here
That's it mate! Stick with it and you'll get there in no time 🔥
How is going after 9 months?
@@mrsheep5848 how is going after 9 months and 3 weeks?
@@mrsheep5848 I think he is a elite hacker by now
how are you an year later?
I’m new to cybersecurity/hacking. I decided to just simply search for some HTB videos and this came up. It’s given me more confidence to keep moving forward with learning these skills. I’m pumped! Thanks for the awesome content.
Thanks mate, great to hear! 🥰
How is your progress so far?
How it going
Real
Since making this video, HackTheBox have added more tier 0 machines:
Redeemer: ua-cam.com/video/usZ78an3jXE/v-deo.html
dir busting... I would never figure this out :D Spend like 30 mins googling for this answer and luckly found you channel :) Thanks !
awesome! welcome my friend 🥰
Incredible content mate, truly impressed here with precision of the information and conciseness. Looking forward to more content from you sir.
thanks mate, appreciate it! 💜
One tool I really like for learning or remembering command usage rather than -h or man is tldr. It's a node/npm package that just gives a nice quick list of example usages for any particular command so you don't have to try to parse through all the help text for common usages.
That's gonna come in super handy! Thanks for sharing 💜
just installed it, i love !
But one think some time I forget to play a day the point will automatically loss or nothing to loss
Legend 👍
I already have used this to find commands quickly more than couple of times in last one hour only. Thanks for sharing this
I've been on HTB Academy since last year and I am always afraid to tackle these Machines, but seeing your walkthrough gave me courage! Took me at least 40+ mins to PWN Meow hahahaha before I saw this video. sometimes my nmap doesnt scan quite as fast as yours does. Thank you so much for the awesome content!
Awww that's really nice to hear, TY 🥰 Haha d/w my NMap is probably not much different to yours - I edit out the long wait times 😉
@@_CryptoCat Ohhh!! Hahahaha I thought I was just trippin, I always suspend the command and do another command 😂😂😂 cause I cant wait like 10 mins. Its usually longer right?
@@DONUTSKIE It depends on the box (and your network), I typically use Masscan to scan all 65k TCP and 65k UDP ports as it's very fast. Then I feed the open ports into NMap for service discovery, scripts etc. You can also run NMap with the -vv option so you'll see the open ports as they are discovered, without needing to wait for the scan to complete 😉
I like it too, keep it up bro :)
Just Logged in today in HTB and every things is going above my head !!
gottta Learn Moreeeeee!!!!!!
that's it mate, you'll get there! 🙂
Appreciate it, man. Thanks.
I liked it, waiting for the next tier :)
thanks bro 🥰
This was VERY helpful, thank you!!!
🙏🥰
Thank you ❤️ it was really helpful
Thank you for your for sharing your experience here
No problem! 🥰
they should be offering this video on the site for me and my fellow dummies
😂🙏
Very well explained. Thank you
🙏🥰
Dope! Thanks dude
npz! 👊
Really appreciate this video!!!
thanks mate! 🥰
this video helped me a lot. keep it up. thanks
Thanks mate 🙏🥰
great walkthrought!
thanks mate 🥰
"very easy" meanwhile im completely lost.
Difficulty is always contextual (running is "very easy", but not if you don't know how to walk), you'll get there! 👊
But how am I supposed to get there if this is the easiest and I’m still lost? How am I supposed to learn with that?
@@CaptainAeroz If you get lost, check out the walkthroughs/writeups or do some background research on whatever you're confused about.. e.g. if you working on a challenge that requires nmap and you have no idea what that is or how to use it, go and read the documentation or watch a tutorial etc. Knowledge is incremental, learning is the important thing, not how fast you get there.
I have no idea what any of this even is tho
Well explained !
thank you! 🙏
Thanks alot buddy
Any time mate! 👊
thank you, you are amazing =)
awww thank *you* 💜
Thank youuuuu
It helps me a lot =)))
aww thank you! love the profile pic 😁
Thanks very much
Any time! 👊
Awesome tutorial
thanks mate! 🥰
太棒了务必坚持更新下去
谢谢你
Finally got a way to start learning hacking … finally!
🔥
I guesa i understand the plattform now. ty
its hard to understand but its ok 😊 web CTF in detail for beginners 🙏🙏🙏 love form INDIA
thanks mate 🥰🥰🥰
Ive loved computers and machines all my life, ever since I played my mom's ipad when I was like 4. Unfortunately, my highschool let me down and they don't have any kind of cyber security programs of classes. Guess I need to start learning myself if I wanna have a chance at getting a degree.
My high school was the same unfortunately! Never too late to start learning 😉
I'm newbie, i'm from in VietNam, thanks you so much for the ibformation
Thanks mate! I love Vietnam, will try and get back out there next year 💜
Tysm
💜
thank you!!!!!!!!!!!!!
🥰
Props
Very good and top
Thank you! 💜
IT's fantastic!
🥰🥰🥰
Really good job, thanks from Russia 🇷🇺👍🏻
thanks mate 🥰
this is fucking awesome.
thank you! 💜
Hi @crypto cat. Thanks for doing this . I just want to mention that with a KAli VM in VMware workstation I am unable to connect my terminal in there - I ran the command openvpn startingpoint.ovpn but after saying initiatlisation completed nothing else happens. RIght I am connected to the OpenVpn on my Windows PC and it is green on HTB so I can follow the walkthrough in this video but cannot do the technical part because of the explanation of my challenge i mentioned earlier.
Hey, you said nothing happens.. Has it worked before? Are you able to ping the machine from your VM? Have you tried to reset VM? Reset VPN? Regenerate VPN pack? Switch servers? Checked the HTB discord/forum for support?
No need to specify "-sS" when running nmap with root privileges, because it automatically runs a SYN scan by default when available. Your machine prob just needed a few more seconds to fully boot
nice, ty! 💜
Yooooo what theme is that for the parrot terminal that's the coolest terminal theme I've ever seen!
thanks 😁 here's a screenshot of the colour palette: imgur.com/a/EXSO6l0
the only problem is when running some scripts e.g. LinPEAS, the colours wont be very useful 😆
Which video recording program are you using ?
Which Linux do you use buddy? Really enjoyed that Video. Greetings from Germany
Thanks mate! I'm using ParrotOS at the moment but Kali Linux is also a great distribution for learning pentesting 😊
Looks like they have updated the questions
I use Kali through Windows remote desktop and did xrdp wsl2 to get the kali gui. I have ubuntu and kali app on windows. Do i need to download ubuntu again on the remote desktop? thanks.
Ermm I'm not too sure what this is referring to, can you timestamp the video where you are stuck? You shouldn't need Kali AND Ubuntu 🤔
Do I need to know Java, ASP, PHP, Bash, Python, and the rest of the Programming Language to solve the HackTheBox challenges?
Nope! Generally, being able to read code is useful but you don't need to be an expert in any one language.
On the second machine, when I try to use the ls or other commands with ftp, it tells me: "500 Illegal PORT command." does anyone know what i am doing wrong
hey, check this see if it helps: serverfault.com/a/450655
i don't have xfreerdp install on my parrot os. When i try to install i get an error " The following packages have unmet dependencies: freerdp2 -x11 : Depends: libfreerdp-client2-2 (= 2.3.0+dfsg1-2+deb11u11) but 2.7.0+dfsg1-1~bpo11+1 is to be installed" . Can someone please help me with this issue. Thanks.
Try running this in terminal:
sudo apt-get install libfreerdp2-2
What is the second window being used to get the info. Command prompt or something else?
Which part of the video? Can you give timestamp?
im having trouble with the connection in my VM or Kali OS (non virtual), it said "Destination host unreachable.." and won't ping to target. Can u help me anyone?
Double check your connection to the VPN. If it's all connected, try to restart the box and VPN. Have you been connected before?
Hey I don't if you read my meassage but in today's date they added vip subscription for this basics is there any soln for this?
Oh no! I didn't hear about that 😞
Hi CryptoCat, I am really liking HTB, but i keep getting VPN disconnects on the website, even though ifconfig still shows a "tun" connection. I have tried classic HTB too with no change. Any tips?
Hmmm you could try and swap server / generate a new VPN connection pack. Does the tun adapter still have an IP address when it disconnects? If you keep running into issues try the support channel in discord.gg/hackthebox 😉
why do you connect to hackthebax wepage frum the VM?. Any risks connecting on the laptop itself?
I just do everything in a VM, to keep my personal PC separate from my hacking.. It's not so much for security as it is to keep my main system clean of tools, files or other artefacts. VMs of course provide the additional security too though!
when I scan the port of Meow
with Nmap , it is showing filtered and I am not being able to connect to it.
Hmmm if you are running the same scan as in the video, try to reset the machine. It can take a couple of mins for services to fully boot as well.
@@_CryptoCat yes it works thanks
I'm going back to school for cybersecurity this year. Studying for the A+ and the Sec+. I've been having a problem getting The machines to ping. I'm connected to the VPN and I can ping the tunnels but then I'll go to ping the machine and nothing happens
I would check on the HTB forums or discord, there's probably some troubleshooting steps and tech support if all else fails. Good luck with your studies! 🙂
@@_CryptoCat thank you, I'll check it out tonight after work
only 4 machine is free now and i have to pay for those upgrade vip why is that?
yo I got a issue, im on parrot os and I can't install xfreerdp (package "freerdp-x11" has no installation candidate). It refers me to install freerdp2-x11, but it also errors:
freerdp2-x11 : Depends: libfreerdp-client2-2 (= 2.3.0+dfsg1-2+deb11u1) but 2.9.0+dfsg1-1~bpo11+1 is to be installed
E: Unable to correct problems, you have held broken packages.
I've searched for answers but found none, tried apt update, apt upgrade, apt --fix-broken install -y, nothing is working and im pretty sure some libraries are broken or something.
nevermind, got it working, had to downgrade some packages for some reason
Are these starting points going to be helpful if I want to become a pro and I am starting from zero.
Sure! You've got to start somewhere 🙂
How did you get your text colors for your terminal at the start
Here's a screenshot of the theme settings, which I adapted from a DefCon theme I saw on reddit: imgur.com/a/gCnvq8A
Only thing I'd say is when using certain tools, e.g. LinPeas, the colours won't be very helpful (for identifying what is most vulnerable). Best to keep an OG profile that you can quickly swap to when running certain tools 😉
In the dancing challenge i am getting "Warning: .......... giving up on port because retransmission cap hit (10)." please let me know how to get rid of it
Tried to reboot the box + VPN?
Can you share your terminal color text sir ? I very love it .
Of course! You can check it here: imgur.com/a/gCnvq8A - beware that some tools really benefit from a standard colour profile though, e.g. linpeas, so it's good to create a separate profile that you can easily swap between 🙂
how do i use a linux terminal if i have windows as my OS?
can i use a virtual machine from virtual box and run OVPN on it and just do all the challenges on it?
You can use something like Putty and Boxstarter on windows: boxstarter.org. I'd recommend using a linux system though, it's important to learn.
Um i have no idea where the vpn is downloaded? do i download it through the terminal or my own user? how do i access it through the terminal?
3:10
whent i type ftp in the terminal it says the command isnt found ?
try "sudo apt-get install ftp"
what would i download from kali linux to do what ur doing? Im so new to all of this lol.
tbh you shouldn't need much.. kali comes with many tools built in and if anything is missing you can probably run "sudo apt-get install " to install 😉
Hi! Amazing Video! what OS are you using?
Thanks mate! My Linux VM is Parrot OS, but tbh I'll be swapping back to Kali next time I make a VM (Parrot is soooo slow to update packages rn). My Windows VM is Commando VM by Mandiant (kind of a Windows version of Kali) but I also plan to swap it with a standard Windows VM when I cba because it's really overkill for my needs (takes a lot of space, low performance).
@@_CryptoCat Amazing! Thank you mate!
I’m doing Fawn on their pwnbox and everytime I get down to finding the flag in ftp it says command not found and then when I use Sudo it asks for a password that it never takes. Someone please help!!!!
I haven't really used the pwnbox but if you don't get it working you can DM me some screenshots on Twitter @_CryptoCat and i'll try to help 🙂
Just in case anyone needs the answer to this problem after you enter command 'get flag.txt' you need to open a new tab in the terminal and enter 'ls' then 'cat flag.txt' which will open the text if you followed the steps. Hope that helps.
When i do the Nmap scan it says that the host is down, how do i fix this
make sure you've given the box time to boot.. try run nmap again with -Pn flag.. check VPN connectivity.. check for firewall issues etc
is there a way to get the virtual machine for longer then 2 hours?
I doubt it 😞
But one think some time I forget to play a day the point will automatically loss or not to loss
Ermm are you asking if the questions/answers reset if you don't finish the box within 24 hours? I don't think they do..
Gotta doubt...
Do you think i can do web app penetration testing and ctf's in a rasberry pi 4 with a 8 GB ram??
i dont see why not! there's instructions for installing kali on pi 4: www.kali.org/docs/arm/raspberry-pi-4/
the better the spec, the better the performance will be of course but it should be fine for learning 😉
@@_CryptoCat yeah i know but wanna make sure that it can handle multi threading while using tools like hydra, gobuster, burpsuite, etc...
so i guess i have to add some fans to it
When i use this openvpn /path/to/starting.....ovpn the openvpn code is some how not working in my linux mint??! And can not connect to vpn ??!
is openvpn installed? what does it say?
Thanks for the video man! I rly wanted to learn cybersecurity and decided to start with doing hacktheboxes and I found you. Well, lucky for me, this was a very fun experience and I also learned a lot of new stuff. Keep going!
Love to hear it! Thanks mate 🥰
@@_CryptoCat Btw do you know how I can install nmap on parrot os? I tried it but I can't do it
@@jake5129. Is NMap not pre-installed? I would be very shocked if that's the case but if so "sudo apt install nmap" 😉
its not giving me to do explosion , it says i need to upgrade
Which tool says this? Can you give the full output?
Hello sir When I try sudo nmap -sV ipaddress of the machine it takes more time is it usual or is there any problem in my nmap tool and also in command Starting nmap 7.92 at end for you after timing GMT is shown but for me it shows +530 after timing but I have 7.93 version
Hi mate, I've not had many problems with the speed but a couple of suggestions; you could use rustscan to scan TCP ports (it's very fast) or do what I do, use masscan to scan all 65k TCP *and* UDP ports, then feed the open ones to nmap (maybe you're doing this already, not sure if I mentioned in the video). You can also check for posts on HTB forum/reddit/discord as you are certainly not the only person to experience this issue: forum.hackthebox.com/t/why-nmap-scanning-is-too-slow/2352
@@_CryptoCat ok 👍 Thanks for your reply 🥰 you are the reason i believe and started learning on CTF thanks for your hard work 👍
@@jeonmichael1482 Awww thanks mate, keep it up! 👊
@@_CryptoCat Brother Sorry for asking this type of silly questions Is it ok to learn from tutorial as a beginner and apply on capture the flag or is there anything learn before doing this type of capture the flag on hack the box lab ? Can you give some suggestions bro pls 🙏
@@jeonmichael1482 It's definitely OK to do that. I'd recommend get stuck into CTFs and HTB, if you can't find the flags or root the boxes, follow tutorials/writeups until you can 🙂
Its saying "You must stop your active machine before spawning another one." help!!
Did you stop the active machine? 😁 You should be able to see it along the navigation bar at the top. If that fails, logout/login or switch VPN server 😉
how did you make your cursor always hand cursor?
magic
good question lmao.. i have no idea xD
Just heard about HTB yesterday. So do I need to install Kali Linux to use the OVPN?
Yep, you'll need to connect with openvpn using the .ovpn file. Other operating systems will do but kali/parrot are probably the most popular. Alternatively, you can checkout the HTB pwnbox which is like a parrot VM running in the browser.
Alright cool. I have Linux Mint installed for one of my classes. Would it work on that or does it need to be Kali to use .ovpn?
@@TheWaken Linux Mint should be fine. If openvpn isn't pre-installed, it'll be easy enough to setup 🙂
@@_CryptoCat Cool, thank you.
I got connection refused when I tried to telnet in my Kali Linux with windows openvpn connected I can ping the IP in the VM
Is this part of one of the 5 machines in the video? Been a while since I recorded if you can point to me to the timestamp I'll try to help!
@@_CryptoCat yes very easy, but I'm just taking answer and pasting them. I cannot ssh and telnet in the VM's
@@michaelinzo OK, so you connect your VM to the HTB VPN and you *can* ping the target machine, but can't telnet/SSH on *any* box? Has it been a long running issue? Did you say you're using Windows? Any AV/Firewall issues?
@@_CryptoCat Yeah I can ping and stuff etc. and yeah I have Bitdefender currently installed but I already add exemption to VM workstation IP. I got AV because there's a lot of attacks recently and I need to be really careful.
@@michaelinzo If you disable your Bitdefender for a min does it work? I've had endless problems with security software interfering with VMs I use for malware analysis, pen-testing etc. I had to switch from Bitdefender to Kaspersky a few years ago because they were unable to provide enough flexibility for me to do my academic research, i.e. even when fully disabled, their software blocked my lab machine functionality.
If might not be your AV/firewall but the best way to troubleshoot is via process of elimination.. Check more steps here: wpastra.com/guides-and-tutorials/ssh-connection-refused/
Can a non vip htb member follow this? Or only vip members can access and solve the problems??
Some of the machines are VIP only, but most are playable for free 😉
sir, my machine meow the port telnet not open port, all port is closed when i scan with nmap. what the solution please.
Ermmm that shouldn't be the case 🤔 Try to ping the box and make sure you have a connection, if not.. Double check VPN connectivity and restart.
@@_CryptoCat the connection is good sir, when i scan with map all port is closed (the text approximately says -> 1000 port close not shown)
@@ghaisaniraqilla2163 Hmm ok that's strange, are you using the same NMap options as the video? You could try the -Pn flag as well.. Any local Firewall that could be blocking? What happens if you try to connect to the telnet service anyway?
Why do start doing tasks before even learning the basics? Did I miss that part? Thanks!
Definitely learn the basics first.. This is an introduction to penetration testing but that in itself is a niche area of computing. There's lots of videos out there covering the basics of linux, networking, web fundamentals etc which will help provide a base of knowledge to make pen-testing easier. If you have any specific questions (any basics you're unsure about), do let me know!
@@_CryptoCat i appreciate it!
Can someone help me? I have tried to ping, traceroute, and run an nmap scan on the IP that HTB gives me and all of them are telling me that the machine is down? How can I fix this?
Hey, sure! If it's worked for you before, try rebooting the box and maybe switch VPN server. If you are just getting setup for the first time, check the forum for troubleshooting steps, e.g. forum.hackthebox.com/t/hosts-seems-down/3227 and there's lots of support in the discord: discord.gg/hackthebox
@@_CryptoCat So I tried on my desktop and laptop and got the same error. So I made a new account and now it's working normally? Is my first account just broken?
@@garretthatch3484 Hmm strange! Sometimes I've seen VPN issues where you need to regenerate the connection pack for your account. You could try that if it happens again or check the support channel in discord 🙂
i need help when i run nmap it says host is down
Have you been able to connect before? Double check the machine is up and running and you are connected to the VPN. If so, try to restart the box or regenerate your VPN config. Also, try to ping the machine to see if it times out 😉
i dont have access to a good computer, does hackthebox work on the phone?
Hmmmm maybe with the help of their pwnbox, but I can't imagine it's a nice experience xD
after you ping the ip address how do you get it to stop?
CTRL + C, should do it 🙂
uno the terminal ur using whered u get it from
actually it's just the default terminal that comes install on the parrotos, i just changed the colours: imgur.com/a/kcFR9id - i kinda wanna swap to tmux for some additional functionality but i'm just so used to things the way they are 😅
@@_CryptoCat when i idownload parrotos then what cause when i open it nothing happenes
@@easharsidhu9339 hmmm you mean when you open the terminal? you can right click and go into the preferences to get up the user options
what vm are you using and what app are u using?
Using VMWare workstation. Not sure which app you mean? Maybe the operating system.. if so, it's Parrot OS 😉
If you don't understand this video, where do you go? I am dying to start pentesting but I don't understand half I read :( I can download and install Linux in a VM, but from there I am lost. Who in YT can help?
Any particular you don't understand? Probably the best recommendation is to check the official PDF walkthrough (and some other walkthroughs on Google) as it may have more detailed steps. If there's a part of the video/walkthrough you really don't get, e.g. NMap scans, then go and look for videos/writeups/tutorials specific to that tool/idea you are unsure about. HackTheBox academy has some really nice beginner-focused content as well 🙂
@@_CryptoCat Thank you so much for answering. I will look for pdf tutorials and keep on going from there. 🤩
so i am unable to do this in command prompt?
Ermmm I would typically use Linux (kali/parrot ideally but Ubuntu is OK) for pen-testing, but you can check out Commando VM: www.mandiant.com/resources/commando-vm-windows-offensive-distribution
Do I have to install kali Linux to connect to HTB VPN?
nope! whatever operating system you are working from you can connect to the VPN. i would recommend using a virtual machine though 😉
@@_CryptoCat Thanks! I’m new to the cybersecurity space and I'm looking to get some practice and experience under by belt. I'm just having trouble getting this VPN to connect. I'm currently running out MAC
@@WealthyMindsFinance i not got much experience with MacOS but try openvpn.net/client-connect-vpn-for-mac-os/ if you're not using already
For anybody else that has absolutely no idea what they are doing but are trying to follow along & are in the comment sections because you are trying to see if there are other people that have absolutely no idea whats going on then you have come to the right place, its me…. I have no idea whats going on after trying many things lol don’t worry guys we are going to get through this.
Do you have any videos for the absolute beginner?
The HTB starting point is aimed at absolute beginners *but* some general knowledge about IT/networks will really help. TryHackMe is a bit more guided so if you find HTB wayyy too hard, check it out first 😉
Isn't the active port for ftp 20?
It is indeed! 💯
telnet: Unable to connect to remote host: No route to host
what should i do bro ?
Probably a connectivity issue, you could try and ping the box. If no response, double check your VPN connection and reboot the machine. If that fails, maybe try and swap VPN servers (re-download the connection pack).
@@_CryptoCat Thank u so much
Are you doing Kali on a virtual machine?
I'm using Parrot OS but Kali is also good!
are you doing this in a VM or your actual computer?
Always inside a VM!
@@_CryptoCat thank you so much for the reply you’re a life saver 😁