Cannot access machine on kali

HTB Content
1

Hi,

I cannot access the machines for starting point anymore through Kali. It all worked fine but now it doesn’t anymore.

I connected to the starting point VPN (correct .ovpn file) and this is the log:

2023-07-31 10:36:52 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless “allow-compression yes” is also set.
2023-07-31 10:36:52 Note: --data-cipher-fallback with cipher ‘AES-128-CBC’ disables data channel offload.
2023-07-31 10:36:52 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-07-31 10:36:52 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2023-07-31 10:36:52 DCO version: N/A
2023-07-31 10:36:52 TCP/UDP: Preserving recently used remote address: [AF_INET]23.19.62.80:1337
2023-07-31 10:36:52 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-07-31 10:36:52 UDPv4 link local: (not bound)
2023-07-31 10:36:52 UDPv4 link remote: [AF_INET]23.19.62.80:1337
2023-07-31 10:36:52 TLS: Initial packet from [AF_INET]23.19.62.80:1337, sid=fca59c1a d6b68c10
2023-07-31 10:36:53 VERIFY OK: depth=1, CN=HackTheBox
2023-07-31 10:36:53 VERIFY KU OK
2023-07-31 10:36:53 Validating certificate extended key usage
2023-07-31 10:36:53 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-07-31 10:36:53 VERIFY EKU OK
2023-07-31 10:36:53 VERIFY OK: depth=0, CN=htb
2023-07-31 10:36:53 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-07-31 10:36:53 [htb] Peer Connection Initiated with [AF_INET]23.19.62.80:1337
2023-07-31 10:36:53 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-07-31 10:36:53 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-07-31 10:36:53 PUSH: Received control message: ‘PUSH_REPLY,route 10.10.10.0 255.255.254.0,route 10.129.0.0 255.255.0.0,route-ipv6 dead:beef::/64,tun-ipv6,route-gateway 10.10.14.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 dead:beef:2::106a/64 dead:beef:2::1,ifconfig 10.10.14.108 255.255.254.0,peer-id 36,cipher AES-256-CBC’
2023-07-31 10:36:53 OPTIONS IMPORT: --ifconfig/up options modified
2023-07-31 10:36:53 OPTIONS IMPORT: route options modified
2023-07-31 10:36:53 OPTIONS IMPORT: route-related options modified
2023-07-31 10:36:53 net_route_v4_best_gw query: dst 0.0.0.0
2023-07-31 10:36:53 net_route_v4_best_gw result: via 10.0.2.2 dev eth0
2023-07-31 10:36:53 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:22:46:4f
2023-07-31 10:36:53 GDG6: remote_host_ipv6=n/a
2023-07-31 10:36:53 net_route_v6_best_gw query: dst ::
2023-07-31 10:36:53 sitnl_send: rtnl: generic error (-101): Network is unreachable
2023-07-31 10:36:53 ROUTE6: default_gateway=UNDEF
2023-07-31 10:36:53 TUN/TAP device tun2 opened
2023-07-31 10:36:53 net_iface_mtu_set: mtu 1500 for tun2
2023-07-31 10:36:53 net_iface_up: set tun2 up
2023-07-31 10:36:53 net_addr_v4_add: 10.10.14.108/23 dev tun2
2023-07-31 10:36:53 net_iface_mtu_set: mtu 1500 for tun2
2023-07-31 10:36:53 net_iface_up: set tun2 up
2023-07-31 10:36:53 net_addr_v6_add: dead:beef:2::106a/64 dev tun2
2023-07-31 10:36:53 net_route_v4_add: 10.10.10.0/23 via 10.10.14.1 dev [NULL] table 0 metric -1
2023-07-31 10:36:53 sitnl_send: rtnl: generic error (-17): File exists
2023-07-31 10:36:53 NOTE: Linux route add command failed because route exists
2023-07-31 10:36:53 net_route_v4_add: 10.129.0.0/16 via 10.10.14.1 dev [NULL] table 0 metric -1
2023-07-31 10:36:53 sitnl_send: rtnl: generic error (-17): File exists
2023-07-31 10:36:53 NOTE: Linux route add command failed because route exists
2023-07-31 10:36:53 add_route_ipv6(dead:beef::/64 → dead:beef:2::1 metric -1) dev tun2
2023-07-31 10:36:53 net_route_v6_add: dead:beef::/64 via :: dev tun2 table 0 metric -1
2023-07-31 10:36:53 Initialization Sequence Completed
2023-07-31 10:36:53 Data Channel: cipher ‘AES-256-CBC’, auth ‘SHA256’, peer-id: 36, compression: ‘lzo’
2023-07-31 10:36:53 Timers: ping 10, ping-restart 120

Traceroute:
└─$ traceroute 10.129.111.77
traceroute to 10.129.111.77 (10.129.111.77), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

However if I try to ping my machine:

└─$ ping 10.129.111.77
PING 10.129.111.77 (10.129.111.77) 56(84) bytes of data.

— 10.129.111.77 ping statistics —
11 packets transmitted, 0 received, 100% packet loss, time 10220ms

ifconfig tun0:
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.10.14.9 netmask 255.255.254.0 destination 10.10.14.9
inet6 dead:beef:2::1007 prefixlen 64 scopeid 0x0
inet6 fe80::4972:f44e:6089:7bf1 prefixlen 64 scopeid 0x20
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 562 bytes 53065 (51.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Can anyone help me?
Kr

2

for normal machines u must use your lab config, for active season machines you need to use the competitive config

3

It seems like you are experiencing connectivity issues when trying to access the target machine in the Starting Point network. There could be several reasons for the problem you are facing. Let’s try to troubleshoot the issue step by step:

  1. VPN Connection: First, ensure that your VPN connection to the Starting Point network is established correctly. Verify that you have the correct .ovpn configuration file and that you are connected to the VPN. You can check your public IP address to confirm if the VPN is working correctly.
  2. Routing Issue: The traceroute output indicates that you are not able to reach the target machine (10.129.111.77) within the Starting Point network. This could be due to a routing issue. Make sure that you have the correct routes set up for the Starting Point network.Check your routing table using the following command:

Copy code

route -n

Ensure that there is a route for the Starting Point network (10.10.10.0/23, 10.129.0.0/16) pointing to the correct gateway (10.10.14.1). If the routes are missing, you can add them manually using the route command.

4

Here are the possible reasons for this:

  • you might have changed your name so the previous ovpn file would not work you will have to download a new file for this
  • The server maybe causing problems so just download a new OVpn file for you.
    This should work also update me if you further doubts.