Hack The Box ek aisi platform hai jo cybersecurity skills ko next level tak improve karne ke liye ek gamified aur hands-on training experience provide karta hai.
Main “Meow” machine ke solution steps cover karunga, jo ‘Starting Point’ labs ka part hai aur jiska difficulty level ‘Very Easy’ hai.
Sabse pehle Hack The Box portal par login karo aur Starting Point page par jao. Yahan aapko PWNBOX ya OVPN (OpenVPN) connection choose karne ka option milega.
- PWNBOX ek pre-configured, browser-based virtual machine hoti hai, jo bina kisi setup ke use ki ja sakti hai. Lekin iske unlimited access ke liye HackTheBox VIP+ membership zaroori hoti hai.
Maine is challenge ke liye OpenVPN method use kiya hai aur Kali Linux ko VirtualBox ke through run kiya hai.
Sabse pehle VPN (.ovpn) configuration file download karo. Fir ek terminal window open karo aur niche diya gaya command run karo –
sudo openvpn [filename].ovpn
📝 Note: [filename] ko apni downloaded .ovpn file ke naam se replace karo jo Starting Point lab ke liye download ki hai.
Aapko terminal ke end me “Initialization Sequence Completed” line dikhai degi, jo confirm karti hai ki ab hum Meow machine se successfully connect ho chuke hain.
Ab browser me page refresh karo taki naya connection dikh sake. Fir ‘Spawn Machine’ button par click karke machine ko activate kar sakte hain.
Jaise hi machine activate hogi, aapko ek target IP address dikhai dega. 🚀
Ab available tasks ko solve karo by providing correct inputs. Kuch tasks actually hints bhi hote hain jo machine solve karne me madad karte hain.
📝 Task 1: What does the acronym VM stand for?
✅ Answer: Virtual Machine
📌 Virtual Machine (VM) ek virtual environment hota hai jo ek virtual computer system ki tarah function karta hai. Isme apna CPU, memory, network interface & storage hota hai, jo ek physical hardware system par create kiya jata hai.
➡️ Hypervisor machine ke saare resources ko hardware se separate karta hai aur unko properly provision karta hai taki VM un resources ko efficiently use kar sake.
➡️ Virtualization technology allow karti hai ki ek physical system par multiple virtual environments share kiye ja sakein. 🚀
📝 Task 2: What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN connection?
✅ Answer: Terminal
📌 Terminal ek text-based interface hai jo Linux computer ko control karne ke liye use hoti hai. Isme hum specific commands execute karke system ke sath interact kar sakte hain.
➡️ Terminal ko console ya shell bhi kaha jata hai.
➡️ Linux me bash, zsh, fish jaise alag-alag shell hote hain jo terminal ke through commands execute karne me madad karte hain. 🚀
📝 Task 3: What service do we use to form our VPN connection into HTB labs?
✅ Answer: openvpn
📌 OpenVPN ek open-source VPN protocol hai jo Virtual Private Network (VPN) techniques ka use karke secure site-to-site ya point-to-point connections establish karta hai.
➡️ HTB labs se connect hone ke liye hum OpenVPN configuration file (.ovpn) ka use karte hain.
➡️ Yeh encrypted tunnel create karta hai jo network traffic ko secure karta hai aur remote resources ko access karne me madad karta hai. 🚀
📝 Task 4: What is the abbreviated name for a ‘tunnel interface’ in the output of your VPN boot-up sequence?
✅ Answer: tun
📌 TUN/TAP devices virtual interfaces hote hain jo VPN clients use karte hain taaki physical networking connections ka virtual instance create kiya ja sake.
➡️ TUN (network TUNnel) ek network layer (Layer 3) device simulate karta hai aur IP packets carry karta hai. Yeh routing ke sath use hota hai.
➡️ TAP (network TAP) ek link layer (Layer 2) device simulate karta hai aur Ethernet frames carry karta hai. Yeh user-space network bridge create karne ke liye use hota hai.
HTB VPN connection establish karte waqt TUN interface dikhai deta hai, jo confirm karta hai ki VPN successfully connected hai. 🚀
Task 5: What tool do we use to test our connection to the target with an ICMP echo request?
Answer: Ping
Ping (Packet Internet Groper) ek network utility tool hai jo ICMP (Internet Control Message Protocol) ka use karke network connectivity test karta hai.
Ping command ek ICMP echo request message target IP address par bhejta hai. Agar target machine reachable hoti hai, to woh ICMP echo reply message return karti hai. Ping network performance, round-trip time (RTT), packet loss aur connectivity check karne ke liye use hota hai.
Example: ping <target-IP>
Yeh command batayegi ki target machine accessible hai ya nahi! 
📝 Task 6: What is the name of the most common tool for finding open ports on a target?
✅ Answer: Nmap
📌 Nmap (Network Mapper) ek free & open-source tool hai jo network discovery aur security auditing ke liye use hota hai.
➡️ Yeh kisi bhi computer network par hosts aur services discover karne ke liye packets send karta hai aur unke responses analyze karta hai.
➡️ Open ports, running services, aur operating system detection ke liye Nmap ek powerful tool hai.
🔹 Basic Nmap Command: nmap <target-IP>
Yeh command target machine ke open ports aur services ko scan karegi! 🚀
📝 Task 7: What service do we identify on port 23/tcp during our scans?
✅ Answer: Telnet
📌 Telnet (TErminaL NETwork) ek network protocol hai jo ek computer ko remote session establish karne ki permission deta hai.
➡️ Telnet TCP/IP protocol ka use karta hai remote login ke liye.
➡️ Port 23 par Telnet service run karti hai.
➡️ Telnet insecure hota hai kyunki yeh unencrypted hota hai, yani credentials aur data plain text me bheja jata hai, jo man-in-the-middle (MITM) attacks ke liye vulnerable bana sakta hai.
🔹 Telnet Connection Example: telnet <target-IP> 23
Yeh command Telnet service se connect hone ki koshish karegi! 🚀
📝 Task 8: What username is able to log into the target over Telnet with a blank password?
✅ Answer: root
📌 Telnet par kuch systems me default credentials configure hote hain. Iss case me “root” username bina kisi password ke login kar sakta hai.
➡️ Agar root kaam na kare, to try karo:
- admin
- administrator
🔹 Telnet Login Command:
telnet <target-IP> 23
Phir root enter karo aur bina password ke login karne ki koshish karo! 🚀
📝 Task 9: Submit root flag
📌 Root flag dhoondhne ke liye Nmap ka use karke target IP ka scan karo aur vulnerabilities identify karo.
🔹 Nmap Scan Command:
nmap -sV -p- <target-IP>
Yeh sabhi ports scan karega aur bataega ki kaunsi services chal rahi hain.
✅ Telnet par root user se login karne ke baad, ls ya cat commands ka use karke flag.txt file dhoondo aur uska content submit karo! 🚀
Nmap scan se ye notice kiya ja sakta hai ki port 23/tcp open hai aur uspe Telnet service run ho rahi hai.
➡️ Telnet ek unencrypted remote login protocol hai jo root login allow kar sakta hai bina password ke.
➡️ Ab hum Telnet ka use karke target system me access le sakte hain.
Ab Telnet ke through target server se connect hone ke liye niche diya gaya command terminal me type karo:
🔹 Telnet Connection Command:
telnet <target-IP> 23
📌 Target_IP ko apni Meow machine ke IP address se replace karo.
✅ Agar port 23/tcp open hai, to aapko ek Telnet login prompt milega.
✅ Login ke liye root username try karo (password blank chhod do ya “admin”/”administrator” try karo).
Hum default username ka use karke bina kisi password diye connect ho gaye hain. Ab basic command “ls” ka use karo taaki server me available saare folders/files dekh sakein.
Hume flag.txt file dikh rahi hai, aur is file ka content dekhne ke liye “cat” command ka use karo, jo concatenate ko represent karti hai.
Flag value copy karo aur browser me submit karo. ✅
Aapko message milega “Meow has been Pwned”, jo confirm karega ki challenge successfully solve ho gaya hai. ✅🎉
Conclusion —
nmap scan run karo [target_ip] par aur dekho ki port 23/tcp open hai jo Telnet service run kar raha hai. Ab telnet [target_ip] command ka use karke target server se connect karo aur username “root” enter karo. Login hone ke baad “ls” command se sabhi available directories/files check karo. “flag.txt” file dikhai degi, uska content dekhne ke liye “cat flag.txt” command ka use karo aur machine solve karo. ✅🚀
