Im new to htb and wanted to start at the the starting point.
I wanted to connect myself to the vpn and after doing so i noticed i couldn’t type any commands afterwards, so i started openvpn in a seperate screen, after doing its thing it stated Initialization Sequence Completed .
When i then tried to continue with the nmap stuff, i stated that the port specifications are illegal. when i then tried to connect via the smbclient it told me: Connection to 10.10.10.27 failed (Error NT_STATUS_HOST_UNREACHABLE)
Hope you guys can help me
Welcome 
Can you ping the target system? I think the smbclient error might also mean that the host does not have any smb ports open.
About the nmap problem, can you post your command here? Maybe we can find the error.
You could also check if there may be an issue with the routing table but I would focus on the other points first.
Thanks for the quick answer: im using the two commands from the Starting Point guide:
ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep [1] | cut -d ‘/’ -f 1 | tr ‘\n’ ‘,’ | sed s/,$//)
nmap -sC -sV -p$ports 10.10.10.27
response im getting:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-06-01 07:56 CDT
Error #487: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
QUITTING!
and when im pinging 10.10.10.27 im getting
PING 10.10.10.27 (10.10.10.27) 56(84) bytes of data.
From 10.10.14.1 icmp_seq=1 Destination Host Unreachable
From 10.10.14.1 icmp_seq=2 Destination Host Unreachable
From 10.10.14.1 icmp_seq=3 Destination Host Unreachable
From 10.10.14.1 icmp_seq=4 Destination Host Unreachable
From 10.10.14.1 icmp_seq=5 Destination Host Unreachable
From 10.10.14.1 icmp_seq=6 Destination Host Unreachable
From 10.10.14.1 icmp_seq=7 Destination Host Unreachable
-
0-9 ↩︎
It looks like you cannot connect to the target which causes the result of the first command to not be a list of ports, thus causing the error. You could try running echo $portsto see what it says. I suspect once you can properly connect to the target your nmap commands should work fine. As a sanity check you could always run a simple scan by hand, e.g. with nmap -Pn -v 10.10.10.27 (-Pn skips pinging the host which can be useful if a firewall filters the pings and -v makes the output more detailed).
I could see a few potential issues that would cause this behavior but unfortunatly I don’t have access to my htb kali right now to debug.
You could try the following and report back:
- Check in the htb dashboard that the target machine is running (not sure if the starting point machines can even be turned off)
- run
route -norip routeand look for any entries about networks that start with 10.10. It’s possible that you have a local network that overlaps with the htb target network. (Please don’t post the full output here as it might leak information about your local networks).
What looks interesting to me is that the ping replies are coming from 10.10.14.1. Maybe someone else can confirm if this is a router within the htb VPN?
I might be able to fire up my vm later and take a look but no guarantee.
echo $ports returns an empty line
the nmap returns:
Nmap scan report for 10.10.10.27
Host is up.
All 1000 scanned ports on 10.10.10.27 are filtered
ip route returns:
default via 10.0.2.2 dev eth0 proto dhcp metric 100
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 metric 100
10.10.10.0/24 via 10.10.14.1 dev tun0
10.10.14.0/23 dev tun0 proto kernel scope link src 10.10.14.88
those are the only results and they have nothing to do with my loacal network
Firstly, don’t get confused by Host is up as this is displayed by default when using -Pn.
To me the routing table looks ok. Could you try runningnmap -sP -v 10.10.10.0/24 to see if any other systems in the htb network are reachable? Alternatively you could look on the dashboard under machines and ping one of the machines that are listed as active.
If I remember correctly the starting point lab uses a separate openvpn config. Can you double check that you’re using the starting point config file?
@ScarVite said:
Thanks for the quick answer: im using the two commands from the Starting Point guide:
ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep [1] | cut -d ‘/’ -f 1 | tr ‘\n’ ‘,’ | sed s/,$//)
I am not a huge fan of this string. It generates a massive amount of errors and quite a few people have had this exact error in the last week or so.
Error #487: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
While it might be saying your network connection is down, this is actually saying it doesn’t like the format of $ports. This also happens quite a bit when the connection is working (I get it about half the times I’ve tried this).
So - like @zaicurity has said, double check your connectivity and scan the network.
Given the error message you’ve seen (Destination Host Unreachable) it strongly implies your network connection isn’t working.
Other things you can do to confirm this include:
traceroute 10.10.10.127
ifconfig (check tun0 has a valid IP)
etc
0-9 ↩︎
I have had a similar error before and when I switched the server I was connecting to it started working again. Try going to Access and switch from EU → US or the other way around and re-download the ovpn config file again.
doing that i am getting 256 adresses with 19 up and the rest being down
@zaicurity said:
Firstly, don’t get confused byHost is upas this is displayed by default when using -Pn.
To me the routing table looks ok. Could you try runningnmap -sP -v 10.10.10.0/24to see if any other systems in the htb network are reachable? Alternatively you could look on the dashboard under machines and ping one of the machines that are listed as active.If I remember correctly the starting point lab uses a separate openvpn config. Can you double check that you’re using the starting point config file?
traceroute returns:
traceroute to 10.10.10.127 (10.10.10.127), 30 hops max, 60 byte packets
1 10.10.14.1 (10.10.14.1) 101.861 ms 101.790 ms 108.189 ms
2 10.10.14.1 (10.10.14.1) 3106.290 ms !H 3106.234 ms !H 3106.504 ms !H
ifconfig shows me (what i assume) is a valid ip:
inet 10.10.14.something netmask 255.255.254.0 destination 10.10.14.something
but i also noticed eth0 has:
net 10.0.2.smth netmask 255.255.255.0 broadcast 10.0.2.255
@TheT3rminat0r said:
I have had a similar error before and when I switched the server I was connecting to it started working again. Try going to Access and switch from EU → US or the other way around and re-download the ovpn config file again.
Tried that.
Could it be an issue that im not running it as root, instead as a user with sudo priviliges?
Type your comment> @ScarVite said:
@TheT3rminat0r said:
I have had a similar error before and when I switched the server I was connecting to it started working again. Try going to Access and switch from EU → US or the other way around and re-download the ovpn config file again.Tried that.
Could it be an issue that im not running it as root, instead as a user with sudo priviliges?
That shouldn’t be an issue.
19 hosts up during the nmap -sP scan sounds like you are properly connected. Did you double check if the starting point labs need a separate vpn config? I’m thinking you might be connected to the regular htb VPN and not the starting point VPN.
Are you using sudo openvpn WHATEVER.ovpn or something similar to launch the connection?
@ScarVite said:
ifconfig shows me (what i assume) is a valid ip:
inet 10.10.14.something netmask 255.255.254.0 destination 10.10.14.something
Is there any reference to tun0?
What are the 19 IP addresses that are up? @zaicurity could be right with it being the wrong vpn or the box (10.10.10.27) is just so messed up it might need rebooted.
@TazWake said:
Are you usingsudo openvpn WHATEVER.ovpnor something similar to launch the connection?
exactly like that
@TazWake said:
@ScarVite said:ifconfig shows me (what i assume) is a valid ip:
inet 10.10.14.something netmask 255.255.254.0 destination 10.10.14.somethingIs there any reference to tun0?
th0: flags=…(and all the other stuff)
inet 10.10.14.something netmask 255.255.254.0 destination 10.10.14.something
@zaicurity said:
Type your comment> @ScarVite said:@TheT3rminat0r said:
I have had a similar error before and when I switched the server I was connecting to it started working again. Try going to Access and switch from EU → US or the other way around and re-download the ovpn config file again.Tried that.
Could it be an issue that im not running it as root, instead as a user with sudo priviliges?That shouldn’t be an issue.
19 hosts up during the nmap -sP scan sounds like you are properly connected. Did you double check if the starting point labs need a separate vpn config? I’m thinking you might be connected to the regular htb VPN and not the starting point VPN.
they should be the same
i just tried pinging a active machine and it worked like its supposed to
Type your comment> @ScarVite said:
i just tried pinging a active machine and i got a ping back, when i used those two coammds like before i get Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn back
@ScarVite said:
ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep [1] | cut -d ‘/’ -f 1 | tr ‘\n’ ‘,’ | sed s/,$//)
nmap -sC -sV -p$ports 10.10.10.27
When you say active machine you mean not under starting point? The starting point vpn pack is different than the one for active machines (Free/VIP).
Go to Starting Point on the left side and if it says you are not assigned to a Starting Point lab then you need to switch VPN connections.
0-9 ↩︎
i just switched to the starting point vpn but it still states that i cant connect
do_connect: Connection to 10.10.10.27 failed (Error NT_STATUS_HOST_UNREACHABLE)
Can you try and rescan the range and see if you can hit any other host in the range?
nmap -sP -v 10.10.10.0/24
Also can you ping 10.10.14.1?
@TheT3rminat0r said:
Can you try and rescan the range and see if you can hit any other host in the range?nmap -sP -v 10.10.10.0/24
Also can you ping 10.10.14.1?
maping shows me 256 ip addreses with 19 active hosts
if i ping that client it answers me