Unable to connect to Target Machine from Kali Linux


I’ve connected to the starting point vpn from my Kali Linux and when I try to ping its ping, it works fine.
But when I try to ping the IP address of Meow machine that I have been given I am not able to connect to it.
It is strange, since when I try to ping the IP address of the starting point vpn in my Kali Linux it works fine.

BTW, can I connect to a target machine that I see in my browser on my computer from Kali Linux which is on my VM?

Thank you in advance


I’m not sure what you mean with “ping its ping”. Easiest way to see if you are succesfully connected to the HTB VPN is checking the IP adress of the tun0 Interface. Normally, that’s the interface that is opened when connecting to the VPN via openvpn.
So just connect via sudo openvpn yourOpenvpnFile.ovpn. Background it or open another window in your terminal and execute ip a
You should see your Loopback Interface with, the IP of your host if you’re running a VM and then tun0. This is your HTB-VPN ip, should start with “10”. If you see that, it means you are connected. HTB website should also tell you in the upper right corner, sometimes it takes a moment until your connection status is updated there.
Connecting via VPN is only needed, if you don’t use the web based attack machine, but I’d always prefer my own VM over the web bases attack machine.

You can then start a machine that sits in the network (e.g. starting point), wait for it to reveal its IP and then ping it. ping <<IP_OF_TARGET>>. If the machine doesn’t answer ping it maybe isn’t fully booted yet or it just doesn’t respond to ping. Wait 2 minutes and try again. If it still doesn’t answer you can nmap scan it with the -Pn flag. Nmap then doesn’t ping the machine to see if its up and starts port scanning directly. If nmap results have open ports, you do have access the target and it just doesn’t respond to ping.

To your other problem, not sure if i get you right. You can spawn a machine from your host’s browser and then access its webserver via your Kali VM (or else), as soon as the kali VM is connected via openvpn. Doesn’t matter from which machine you spawn the target in the HTB web interface.
Does that help? :smiley:

1 Like

Thank you very much for your response!

While trying to nmap the Meow machine it says: Host seems down.
When I try to ping <vpn_ping> it works just fine.
Something is wrong with the connection between the IP of the machine and my Kali Linux on VM.
But the connection to the starting point vpn works fine

Have you tried the nmap scan with -Pn? read on Twitter last days that people have problems with nmaps ping and use the -Pn option always.

What does the output of openvpn say? And have you tried another machine and ran into the same problems?

I’ve tried, but it takes such a long time, so I haven’t wait for it to finish.

I’m getting till 4.
I’ve read about it and some have said that it might imply about having connection problems from time to time, but I didn’t succeed in nmap at all…

My internet connection is fine, and when I use nmap on the IP of the vpn it works great

I have tried nmap on meow and on academy getting started and in both I am able to ping and nmap the vpn ip, but on the target ip I have problems and have not succeed nmap or ping it

How Long is “long time”?
And what do you mean by scanning the IP of the VPN? The IP of tun0 interface?

Thank you very much for your time and effort,

Long time for me is several minutes, like 2-3 minutes and then I stopped the process.

While connecting to the relevant vpn, on the right hand side of the screen one can see the ip of the vpn itself.

At the end of the openvpn it says that it was connected successfuly and tun 4 is written on the screen

No problem.
Okay thats not that long. NMAP takes its time. If you do a scan with all ports and -Pn this can take a while. Especially if you also you NSE (e.g. --script=vuln). If you do a UDP scan this takes even longer, can take around 15 minutes for the top 1000 ports only.
I’m still not sure which “IP of the VPN” you mean. But if you mean the IP adress, that you are assigned by the vpn (e.g. tun0 ip) and you scanned that, it would explain the time differences. This IP is your own adress, scanning this address means scanning yourself. That is blazing fast instead of having to connect to a IP address over the Internet. It’s something like scanning That is your own address too, that means you don’t have to leave your network so you have A LOT of Bandwith and the scan finished nearly directly.
You just need patience. Try running nmap with the -vv flag, this will output the scan progress from time to time and you can see what it is doing.

Thank you so much, that is excactly what I ment by the ip address of the vpn itself.

One more thing I don’t get is why I’m getting tun 4 while using openvpn?
My internent connection is fine and I’ve seen that tun 4 means that the internet connection is bad and you might lose connection every several minutes.
I was expecting to get tun 0 only, while using openvpn.

I’ve seen on youtube that when people have used ping on the target address it worked for then in seconds, and for me it takes a long time,
What might be an explanation for that?

Cool, we’re on the same page now :smiley:

Not really sure, openvpn always opened tun0 for me. You executed openvpn with sudo? If yes, i would again try switching between available VPN connections, regenerate a new .ovpn file. You can also try switching the protocol for the connection (UDP - TCP). Didn’t have the problem on HackTheBox, but I’ve had .ovpn files from TryHackMe that didn’t work 100% correctly, generating a new one did the trick. Otherwise i would suggest to reach out to HackTheBox support. Remember to screenshot the complete output of openvpn, so they see whats going on.

If you have multiple tun interfaces you have multiple instances of openvpn running which will create connection issues. sudo killall openvpn should clear them out. After that, restart openvpn.

When I used sudo killall openvpn it did the trick for the Meow module of Starting Point and I was able to work on it.
But, when I did the same thing for the module of Academy Getting Started it took a very long time to ping it, so I’ve stopped it, and when I’ve used nmap <Target Address> -Pn it took a very long time too and then it said:

Starting Nmap 7.92 ( https://nmap.org ) at 2021-11-07 01:39 EST
Nmap scan report for |Target Address|
Host is up.
All 1000 scanned ports on |Target Address| are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)

Nmap done: 1 IP address (1 host up) scanned in 201.34 seconds

I know it supposed to give me the relevant ports, including 8080 port, but I don’t see it for some reason,

Thank you very much

Are you still stuck?

Have you tried traceroute?

Ping is a bit hit and miss for troubleshooting network problems - it’s really there just to see if a server is responsive. What you need to check is what path your packets are taking.

Using -Pn with nmap just hides that bit - if there is a network issue, you get all kinds of weird responses.

Thank you very much for your help!

Btw, I wanted to ask for your opinion,
After completing “Getting Started” module I have tried my first machine.
The problem is that I am still missing essential toolset like ffuf for example.
I wanted to ask which modules would you recommend before diving into solving machines?
Moreover, what is the best path for learning at this stage? Is it too soon for solving machines on my own?

And again, thank you very much for your help!

I dont have a good answer here. You will always feel like there is something else you can learn, but that’s part of the point of HTB. You cant ever really know if you are ready until you try.

Regarding tooling - this is very much a personal choice and you will also find that almost every box will need some new tools. We are lucky in security that there are millions of choices (for example wfuzz vs ffuf vs writing your own python script…), so I am not sure I’d call anything “essential” as such.

My only caveat would be that CTF boxes are varying in difficulty. Dont fall into the trap of thinking just because it is marked easy it will actually be easy.