Starting Point [HTB]

So I ended up using this command:

nmap -sC -sV -p- 10.10.10.27

Instead of nmap -sC -sV -p$ports 10.10.10.27.

It worked and gave me the open ports.

Type your comment> @Buttersauce said:

So I ended up using this command:

nmap -sC -sV -p- 10.10.10.27

Instead of nmap -sC -sV -p$ports 10.10.10.27.

It worked and gave me the open ports.

still doesnt work
i also tried

nmap -sC -sV -p 1-2000 10.10.10.27

are u connected to the eu or the usa servers?
maybe its just the eu servers which doesnt work properly?

I have just tried both the EU and US VPNs and am unable to get a response using either

US Server. I had a lot of issues yesterday in getting the ports to show up in scans. Regenerated my keys, then tried the command I posted earlier. Started to work. Now I am stuck at another part.

Okay, just redownloaded the Starting Point VPN file, for the US and that now works fine.

Downloading the EU one leaves me unable to ping anything. Guess I’ll use the US connection then!

Type your comment> @Buttersauce said:

So I ended up using this command:

nmap -sC -sV -p- 10.10.10.27

Instead of nmap -sC -sV -p$ports 10.10.10.27.

It worked and gave me the open ports.

Yup, i tweaked the nmap command as well and it worked.

I am running into a problem getting ps1.shell to the victim machine from my local machine. The victim says that it cannot connect to my machine, though I can connect to the victim. As far as I can tell, I have not missed any instructions, even resorting to just copy-pasting them. What might I be missing to get past this step in the instructions?

Nevermind. It was fatigue and something really dumb. It was misconfigured networking on my end.

For me, I am connected just fine. I did the initial command “ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep [1] | cut -d ‘/’ -f 1 | tr ‘\n’ ‘,’ | sed s/,$//)” but when I try to follow along after, I am receiving:
kali@kali:~$ nmap -sC -sV -p$ports 10.10.10.27
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-06 19:48 EDT
Error #487: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
QUITTING!

and when I switch to nmap -sC -sV -p- 10.10.10.27 I get:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-06 19:48 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.70 seconds

When I include -Pn, it doesn’t resolve. Any ideas? Since it is in the starting point, I’m not sure where to go to turn on a machine, if that’s even a thing. I am very new to all of this. I signed up a long time ago, and just started trying my hand at this.


  1. 0-9 ↩︎

Hey Guys, I am stuck at foothold step. There is a new IP Address I can see in shell.ps1 code and the xp_cmshell call while spawning a reverse shell. Do I need to change the IP to he one that is assigned to my machine by looking at tun0 ?

Hello people, can anyone tell me how to unlock starting point machines ??

Heard there has been a bunch of issues accessing it. I can connect to the vpn but when i run ifconfig, tun0 is not returning anything not sure why, tried tcp still no prevail. Am unable to ping any of the machines getting real heated…

Definitely a beginner here myself, and maybe this question will show this to be true lol. But following the instructions for this machine, it appears they have us creating a variable named “ports”? However, when I try to create this variable with the command “ports=$(…” as explained in the tutorial and hit return to run the command, it appears the shell just goes to stdin? Can anyone explain why that is? I’m aware just running “-p-” will suffice rather than “-p$ports” but I am curious as to why I am experiencing this?

after i’ve connected to the vpn i can not ping the 10.10.10.27 ip.
what should i do? at least i should be able to ping the host!
it seems to be down. any hints?

Hi,
Same here. i didn’t see 10.10.10.27 too and think it is down. don’t know that i miss something (is that a next challenge and i have to done some other things to connect to this specific host) or just ‘something went wrong’. i tried to play with 2-3 other machines, but no success at the moment :smiley: but keep going

Type your comment

Are the instructions to Starting Point accurate or do we have to figure something out? Im stuck on the enumeration part, at the end trying to open the dtsConfig file. The password that is shown is not working. Am I supposed to be lookin for another way in? Because I can’t find one, yet.

Type your comment> @skillless said:

Are the instructions to Starting Point accurate or do we have to figure something out? Im stuck on the enumeration part, at the end trying to open the dtsConfig file. The password that is shown is not working. Am I supposed to be lookin for another way in? Because I can’t find one, yet.

the password is right. i pass this tutorial today. try to change \ with / for mssql command. otherway command is executed with incorrect user (Guest i think)

have you tried to run nmap with -Pn
nmap -sC -sV -Pn -p- 10.10.10.27
for me i was pinging the machine and it was saying ‘Host Unreachable’
so -Pn would ignore that and run the scan anyway.
i also wanted to add that you can only scan the ports you need 135,139,445,1433
sudo nmap -sC -sV -Pn -p135,139,445,1433 10.10.10.27
it won’t take time this way

Type your comment> @IslaMukheef said:

have you tried to run nmap with -Pn
nmap -sC -sV -Pn -p- 10.10.10.27
for me i was pinging the machine and it was saying ‘Host Unreachable’
so -Pn would ignore that and run the scan anyway.
i also wanted to add that you can only scan the ports you need 135,139,445,1433
sudo nmap -sC -sV -Pn -p135,139,445,1433 10.10.10.27
it won’t take time this way

Works, but also the initial way seem to work. However, as also my connection was rather unstable, I had to wait for the reconnection to happen (keep on monitoring the console). Just after the success-message I could shoot some commands and progress.