Starting Point [HTB]

Type your comment> @Buttersauce said:

So I ended up using this command:

nmap -sC -sV -p- 10.10.10.27

Instead of nmap -sC -sV -p$ports 10.10.10.27.

It worked and gave me the open ports.

Yup, i tweaked the nmap command as well and it worked.

I am running into a problem getting ps1.shell to the victim machine from my local machine. The victim says that it cannot connect to my machine, though I can connect to the victim. As far as I can tell, I have not missed any instructions, even resorting to just copy-pasting them. What might I be missing to get past this step in the instructions?

Nevermind. It was fatigue and something really dumb. It was misconfigured networking on my end.

For me, I am connected just fine. I did the initial command “ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep [1] | cut -d ‘/’ -f 1 | tr ‘\n’ ‘,’ | sed s/,$//)” but when I try to follow along after, I am receiving:
kali@kali:~$ nmap -sC -sV -p$ports 10.10.10.27
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-06 19:48 EDT
Error #487: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
QUITTING!

and when I switch to nmap -sC -sV -p- 10.10.10.27 I get:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-06 19:48 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.70 seconds

When I include -Pn, it doesn’t resolve. Any ideas? Since it is in the starting point, I’m not sure where to go to turn on a machine, if that’s even a thing. I am very new to all of this. I signed up a long time ago, and just started trying my hand at this.


  1. 0-9 ↩︎

Hey Guys, I am stuck at foothold step. There is a new IP Address I can see in shell.ps1 code and the xp_cmshell call while spawning a reverse shell. Do I need to change the IP to he one that is assigned to my machine by looking at tun0 ?

Hello people, can anyone tell me how to unlock starting point machines ??

Heard there has been a bunch of issues accessing it. I can connect to the vpn but when i run ifconfig, tun0 is not returning anything not sure why, tried tcp still no prevail. Am unable to ping any of the machines getting real heated…

Definitely a beginner here myself, and maybe this question will show this to be true lol. But following the instructions for this machine, it appears they have us creating a variable named “ports”? However, when I try to create this variable with the command “ports=$(…” as explained in the tutorial and hit return to run the command, it appears the shell just goes to stdin? Can anyone explain why that is? I’m aware just running “-p-” will suffice rather than “-p$ports” but I am curious as to why I am experiencing this?

after i’ve connected to the vpn i can not ping the 10.10.10.27 ip.
what should i do? at least i should be able to ping the host!
it seems to be down. any hints?

Hi,
Same here. i didn’t see 10.10.10.27 too and think it is down. don’t know that i miss something (is that a next challenge and i have to done some other things to connect to this specific host) or just ‘something went wrong’. i tried to play with 2-3 other machines, but no success at the moment :smiley: but keep going

Type your comment

Are the instructions to Starting Point accurate or do we have to figure something out? Im stuck on the enumeration part, at the end trying to open the dtsConfig file. The password that is shown is not working. Am I supposed to be lookin for another way in? Because I can’t find one, yet.

Type your comment> @skillless said:

Are the instructions to Starting Point accurate or do we have to figure something out? Im stuck on the enumeration part, at the end trying to open the dtsConfig file. The password that is shown is not working. Am I supposed to be lookin for another way in? Because I can’t find one, yet.

the password is right. i pass this tutorial today. try to change \ with / for mssql command. otherway command is executed with incorrect user (Guest i think)

have you tried to run nmap with -Pn
nmap -sC -sV -Pn -p- 10.10.10.27
for me i was pinging the machine and it was saying ‘Host Unreachable’
so -Pn would ignore that and run the scan anyway.
i also wanted to add that you can only scan the ports you need 135,139,445,1433
sudo nmap -sC -sV -Pn -p135,139,445,1433 10.10.10.27
it won’t take time this way

Type your comment> @IslaMukheef said:

have you tried to run nmap with -Pn
nmap -sC -sV -Pn -p- 10.10.10.27
for me i was pinging the machine and it was saying ‘Host Unreachable’
so -Pn would ignore that and run the scan anyway.
i also wanted to add that you can only scan the ports you need 135,139,445,1433
sudo nmap -sC -sV -Pn -p135,139,445,1433 10.10.10.27
it won’t take time this way

Works, but also the initial way seem to work. However, as also my connection was rather unstable, I had to wait for the reconnection to happen (keep on monitoring the console). Just after the success-message I could shoot some commands and progress.

Type your comment> @Fearless1 said:

For me, I am connected just fine. I did the initial command “ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep [1] | cut -d ‘/’ -f 1 | tr ‘\n’ ‘,’ | sed s/,$//)” but when I try to follow along after, I am receiving:
kali@kali:~$ nmap -sC -sV -p$ports 10.10.10.27
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-06 19:48 EDT
Error #487: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
QUITTING!

and when I switch to nmap -sC -sV -p- 10.10.10.27 I get:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-06 19:48 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.70 seconds

When I include -Pn, it doesn’t resolve. Any ideas? Since it is in the starting point, I’m not sure where to go to turn on a machine, if that’s even a thing. I am very new to all of this. I signed up a long time ago, and just started trying my hand at this.

I’ve been experiencing the same thing. Ever since Starting Point was posted up, I haven’t been able to ping or nmap scan any machine. HTB VPN has been connected and tun0 has been showing my IP. Initialization Sequence is completed and still no prevail. I’ve tried changing up my nmap commands every now and then but that doesn’t work either. I hope someone can help find a solution to this issue. Are HTB servers being overloaded? Or is it just that everyone has been on Starting Point lately, so that the machine is being overwhelmed by the amount of connections to it at the same time?


  1. 0-9 ↩︎

Nvm. I waited around an hour or so, but i was able to scan Starting Point. I guess it is just overloaded.

I can run the nmap just fine, but when I move on to the smbclient, im getting the error:
“do_connect: Connection to 10.10.10.27 failed (Error NT_STATUS_HOST_UNREACHABLE)”
Assuming its just down? Not really sure what to make of that

Edit - Resolved this, I just re-downloaded my connection pack.

I am up to the point where we are beginning to get the reverse shell: “$client = new-object…”

Im confused as to where im supposed to input these commands? I’ve installed powershell to my kali VM, but when I save that line as “shell.ps1,” it just interprets that file as a text file. If anyone could give me some guidance that would be much appreciated.

Just follow the guide. You will use the file (shell.ps1) later as a parameter while invoking the reverse shell.