Heya Guys,
Sorry but complete noob here…
Just joined HTB and was going to start at Starting Point, problem is i don’t know if Im connected correctly.
OpenVPN seems to have loaded up ok with the following:
marko@maptop:~/Downloads$ sudo openvpn B00rish-startingpoint.ovpn
Tue Mar 2 12:19:52 2021 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2019
Tue Mar 2 12:19:52 2021 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Tue Mar 2 12:19:52 2021 Outgoing Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
Tue Mar 2 12:19:52 2021 Incoming Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
Tue Mar 2 12:19:52 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]5.44.235.95:1337
Tue Mar 2 12:19:52 2021 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Mar 2 12:19:52 2021 UDP link local: (not bound)
Tue Mar 2 12:19:52 2021 UDP link remote: [AF_INET]5.44.235.95:1337
Tue Mar 2 12:19:52 2021 TLS: Initial packet from [AF_INET]5.44.235.95:1337, sid=346bf8bb 1bc8698f
Tue Mar 2 12:19:52 2021 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb, emailAddress=info@hackthebox.eu
Tue Mar 2 12:19:52 2021 VERIFY KU OK
Tue Mar 2 12:19:52 2021 Validating certificate extended key usage
Tue Mar 2 12:19:52 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Mar 2 12:19:52 2021 VERIFY EKU OK
Tue Mar 2 12:19:52 2021 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu
Tue Mar 2 12:19:52 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Mar 2 12:19:52 2021 [htb] Peer Connection Initiated with [AF_INET]5.44.235.95:1337
Tue Mar 2 12:19:54 2021 SENT CONTROL [htb]: ‘PUSH_REQUEST’ (status=1)
Tue Mar 2 12:19:54 2021 PUSH: Received control message: ‘PUSH_REPLY,route 10.10.10.0 255.255.255.0,route-ipv6 dead:beef::/64,tun-ipv6,route-gateway 10.10.14.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 dead:beef:2::1031/64 dead:beef:2::1,ifconfig 10.10.14.51 255.255.254.0,peer-id 40,cipher AES-256-GCM’
Tue Mar 2 12:19:54 2021 OPTIONS IMPORT: timers and/or timeouts modified
Tue Mar 2 12:19:54 2021 OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar 2 12:19:54 2021 OPTIONS IMPORT: route options modified
Tue Mar 2 12:19:54 2021 OPTIONS IMPORT: route-related options modified
Tue Mar 2 12:19:54 2021 OPTIONS IMPORT: peer-id set
Tue Mar 2 12:19:54 2021 OPTIONS IMPORT: adjusting link_mtu to 1625
Tue Mar 2 12:19:54 2021 OPTIONS IMPORT: data channel crypto options modified
Tue Mar 2 12:19:54 2021 Data Channel: using negotiated cipher ‘AES-256-GCM’
Tue Mar 2 12:19:54 2021 Outgoing Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key
Tue Mar 2 12:19:54 2021 Incoming Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key
Tue Mar 2 12:19:54 2021 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlp1s0 HWADDR=00:e9:3a:ca:7d:c1
Tue Mar 2 12:19:54 2021 GDG6: remote_host_ipv6=n/a
Tue Mar 2 12:19:54 2021 ROUTE6: default_gateway=UNDEF
Tue Mar 2 12:19:54 2021 TUN/TAP device tun0 opened
Tue Mar 2 12:19:54 2021 TUN/TAP TX queue length set to 100
Tue Mar 2 12:19:54 2021 /sbin/ip link set dev tun0 up mtu 1500
Tue Mar 2 12:19:54 2021 /sbin/ip addr add dev tun0 10.10.14.51/23 broadcast 10.10.15.255
Tue Mar 2 12:19:54 2021 /sbin/ip -6 addr add dead:beef:2::1031/64 dev tun0
Tue Mar 2 12:19:54 2021 /sbin/ip route add 10.10.10.0/24 via 10.10.14.1
Tue Mar 2 12:19:54 2021 add_route_ipv6(dead:beef::/64 → dead:beef:2::1 metric -1) dev tun0
Tue Mar 2 12:19:54 2021 /sbin/ip -6 route add dead:beef::/64 dev tun0
Tue Mar 2 12:19:54 2021 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Tue Mar 2 12:19:54 2021 Initialization Sequence Completed
Once in, I can ping the target fine:
marko@maptop:~$ ping 10.10.10.27
PING 10.10.10.27 (10.10.10.27) 56(84) bytes of data.
64 bytes from 10.10.10.27: icmp_seq=1 ttl=127 time=277 ms
64 bytes from 10.10.10.27: icmp_seq=2 ttl=127 time=26.1 ms
64 bytes from 10.10.10.27: icmp_seq=3 ttl=127 time=24.5 ms
64 bytes from 10.10.10.27: icmp_seq=4 ttl=127 time=87.7 ms
64 bytes from 10.10.10.27: icmp_seq=5 ttl=127 time=110 ms
But, when i run the suggested nmap command i don’t get any output:
marko@maptop:~$ ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep [1] | cut -d ‘/’ -f 1 | tr ‘\n’ ‘,’ | sed s/,$//)
marko@maptop:~$
So im thinking im not even connected? And also getting paranoid I’m nmapping someone i shouldn’t be lol, how can i verify that that is actually the box?
a quick whois shows this:
marko@maptop:~$ whois 10.10.10.27
ARIN WHOIS data and services are subject to the Terms of Use
available at: Whois Terms of Use - American Registry for Internet Numbers
If you see inaccuracies in the results, please report at
Reporting a Whois Inaccuracy - American Registry for Internet Numbers
Copyright 1997-2021, American Registry for Internet Numbers, Ltd.
NetRange: 10.0.0.0 - 10.255.255.255
CIDR: 10.0.0.0/8
NetName: PRIVATE-ADDRESS-ABLK-RFC1918-IANA-RESERVED
NetHandle: NET-10-0-0-0-1
Parent: ()
NetType: IANA Special Use
OriginAS:
Organization: Internet Assigned Numbers Authority (IANA)
RegDate:
Updated: 2013-08-30
Comment: These addresses are in use by many millions of independently operated networks, which might be as small as a single computer connected to a home gateway, and are automatically configured in hundreds of millions of devices. They are only intended for use within a private context and traffic that needs to cross the Internet will need to use a different, unique address.
Comment:
Comment: These addresses can be used by anyone without any need to coordinate with IANA or an Internet registry. The traffic from these addresses does not come from ICANN or IANA. We are not the source of activity you may see on logs or in e-mail records. Please refer to Common questions regarding abuse issues
Comment:
Comment: These addresses were assigned by the IETF, the organization that develops Internet protocols, in the Best Current Practice document, RFC 1918 which can be found at:
Comment: RFC 1918 - Address Allocation for Private Internets
Ref: https://rdap.arin.net/registry/ip/10.0.0.0
OrgName: Internet Assigned Numbers Authority
OrgId: IANA
Address: 12025 Waterfront Drive
Address: Suite 300
City: Los Angeles
StateProv: CA
PostalCode: 90292
Country: US
RegDate:
Updated: 2012-08-31
Ref: https://rdap.arin.net/registry/entity/IANA
OrgTechHandle: IANA-IP-ARIN
OrgTechName: ICANN
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org
OrgTechRef: https://rdap.arin.net/registry/entity/IANA-IP-ARIN
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: ICANN
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org
OrgAbuseRef: https://rdap.arin.net/registry/entity/IANA-IP-ARIN
Is that normal output for a HTB box?
thanks in advance,
Marko
-
0-9 ↩︎