Starting Point [HTB]

Hey Guys, I am stuck at the foothold step. There is a new IP address I can see in the shell.ps1 code and the xp_cmdshell call while spawning a reverse shell. Do I need to change the IP to the one that is assigned to my machine by looking at tun0?

Hello people, can anyone tell me how to unlock starting point machines ??

Heard there has been a bunch of issues accessing it. I can connect to the VPN, but when I run ifconfig, tun0 is not returning anything, not sure why. Tried TCP, still to no avail. Am unable to ping any of the machines, getting real heated…

Definitely a beginner here myself, and maybe this question will show this to be true lol. But following the instructions for this machine, it appears they have us creating a variable named “ports”? However, when I try to create this variable with the command “ports=$(…” as explained in the tutorial and hit return to run the command, it appears the shell just goes to stdin? Can anyone explain why that is? I’m aware just running “-p-” will suffice rather than “-p$ports” but I am curious as to why I am experiencing this?

After I’ve connected to the VPN I cannot ping the 10.10.10.27 IP.
What should I do? At least I should be able to ping the host!
It seems to be down. Any hints?

Hi,
Same here. I couldn’t see 10.10.10.27 either and think it is down. I don’t know whether I’m missing something (is that a later challenge, and I have to do some other things first to connect to this specific host?) or whether just ‘something went wrong’. I tried to play with 2-3 other machines, but no success at the moment :smiley: but keep going

Are the instructions to Starting Point accurate or do we have to figure something out? I’m stuck on the enumeration part, at the end trying to open the dtsConfig file. The password that is shown is not working. Am I supposed to be looking for another way in? Because I can’t find one, yet.

@skillless said:

Are the instructions to Starting Point accurate or do we have to figure something out? I’m stuck on the enumeration part, at the end trying to open the dtsConfig file. The password that is shown is not working. Am I supposed to be looking for another way in? Because I can’t find one, yet.

The password is right. I passed this tutorial today. Try changing \ to / in the mssql command; otherwise the command is executed as the incorrect user (Guest, I think).

Have you tried to run nmap with -Pn?
nmap -sC -sV -Pn -p- 10.10.10.27
For me, I was pinging the machine and it was saying ‘Host Unreachable’,
so -Pn would ignore that and run the scan anyway.
I also wanted to add that you can scan only the ports you need: 135,139,445,1433
sudo nmap -sC -sV -Pn -p135,139,445,1433 10.10.10.27
It won’t take much time this way.

@IslaMukheef said:

Have you tried to run nmap with -Pn?
nmap -sC -sV -Pn -p- 10.10.10.27
For me, I was pinging the machine and it was saying ‘Host Unreachable’,
so -Pn would ignore that and run the scan anyway.
I also wanted to add that you can scan only the ports you need: 135,139,445,1433
sudo nmap -sC -sV -Pn -p135,139,445,1433 10.10.10.27
It won’t take much time this way.

Works, but the initial way also seems to work. However, as my connection was also rather unstable, I had to wait for the reconnection to happen (keep on monitoring the console). Just after the success message I could shoot some commands and progress.

@Fearless1 said:

For me, I am connected just fine. I did the initial command “ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)” but when I try to follow along after, I am receiving:
kali@kali:~$ nmap -sC -sV -p$ports 10.10.10.27
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-06 19:48 EDT
Error #487: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
QUITTING!

and when I switch to nmap -sC -sV -p- 10.10.10.27 I get:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-06 19:48 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.70 seconds

When I include -Pn, it doesn’t resolve. Any ideas? Since it is in the starting point, I’m not sure where to go to turn on a machine, if that’s even a thing. I am very new to all of this. I signed up a long time ago, and just started trying my hand at this.

I’ve been experiencing the same thing. Ever since Starting Point was posted up, I haven’t been able to ping or nmap scan any machine. HTB VPN has been connected and tun0 has been showing my IP. Initialization Sequence is completed and still to no avail. I’ve tried changing up my nmap commands every now and then but that doesn’t work either. I hope someone can help find a solution to this issue. Are HTB servers being overloaded? Or is it just that everyone has been on Starting Point lately, so that the machine is being overwhelmed by the amount of connections to it at the same time?


Nvm. I waited around an hour or so, but I was able to scan Starting Point. I guess it is just overloaded.

I can run the nmap just fine, but when I move on to the smbclient, I’m getting the error:
“do_connect: Connection to 10.10.10.27 failed (Error NT_STATUS_HOST_UNREACHABLE)”
Assuming it’s just down? Not really sure what to make of that.

Edit - Resolved this, I just re-downloaded my connection pack.

I am up to the point where we are beginning to get the reverse shell: “$client = new-object…”

I’m confused as to where I’m supposed to input these commands. I’ve installed PowerShell on my Kali VM, but when I save that line as “shell.ps1,” it just interprets that file as a text file. If anyone could give me some guidance that would be much appreciated.

Just follow the guide. You will use the file (shell.ps1) later as a parameter while invoking the reverse shell.

I’m stuck around the same area.

I have made a file called shell.ps1 with the code of the example inside, verbatim.

I start up my web server, get netcat listening and get the ufw callbacks, but I get an error when I try to run:

I think it’s because the example is using IP 10.10.14.3 and I didn’t change it to be my IP, but honestly I’m just copy/pasta’ing at this point so dunno…

help?

Probably you need to adjust the IP, which is an example and does not necessarily work.

I’m always getting the same error message below as well

nmap -sC -sV -p$ports 10.10.10.27
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-06 19:48 EDT
Error #487: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
QUITTING!

I have tried with EU and US
I have tried changing to tcp 443
I have tried restarting VM

What network configuration do you have for your kali box?
bridge? NAT? host-only?

Thanks
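An added example, not part of any post in this thread or of the tutorial: when the discovery scan reports the host as down, `$ports` ends up empty, the command becomes a bare `-p`, and nmap reads the next argument (the IP address) as the port list, which yields the "port specifications are illegal" error. The function names and sample outputs below are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: parse and validate the port list before handing it to nmap.

# Constructed sample of `nmap -p-` output for a reachable host.
SAMPLE_UP='Starting Nmap 7.80 ( https://nmap.org )
Host is up (0.020s latency).
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1433/tcp open  ms-sql-s
Nmap done: 1 IP address (1 host up) scanned in 40.12 seconds'

# Constructed sample of the "host seems down" output quoted in the thread.
SAMPLE_DOWN='Starting Nmap 7.80 ( https://nmap.org )
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.70 seconds'

# extract_ports: read nmap normal output on stdin, print e.g. "135,139,445".
# The pattern is quoted so the shell cannot glob-expand ^[0-9] against files.
extract_ports() {
    grep -E '^[0-9]+/(tcp|udp)' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//'
}

# valid_port_list: succeed only for a non-empty comma-separated number list.
valid_port_list() {
    printf '%s' "$1" | grep -Eq '^[0-9]+(,[0-9]+)*$'
}

# build_scan_args: $1 = discovery scan output, $2 = target address.
# Prints the arguments for the service scan, or fails before nmap is run.
build_scan_args() {
    local ports
    ports=$(printf '%s\n' "$1" | extract_ports)
    if ! valid_port_list "$ports"; then
        echo "no open ports parsed: host down or filtered (check tun0, try -Pn)" >&2
        return 1
    fi
    printf '%s\n' "-sC -sV -Pn -p$ports $2"
}

# Usage against a lab host (hypothetical variable names):
#   out=$(nmap -p- --min-rate=1000 -T4 -Pn "$target")
#   args=$(build_scan_args "$out" "$target") && nmap $args
```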

Jesus holy moly, seriously, I am going crazy with this box.
Used openvpn to connect. Connection is up and running. Tried both EU and USA. Restarted VM, restarted router, etc. etc.
No matter what I tried, I am still getting an error when trying to execute the command:
smbclient -N -L \\10.10.10.27\
error below:
do_connect: Connection to 10.10.10.27 failed (Error NT_STATUS_IO_TIMEOUT)

Captured some packets on my tun0 interface. Seems like my VM is sending packets with the SYN flag but no SYN-ACK is coming back from the remote server.

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
16:03:07.401797 IP 10.10.14.170.36742 > 10.10.10.27.microsoft-ds: Flags [S], seq 1137421174, win 64240, options [mss 1460,sackOK,TS val 3059908513 ecr 0,nop,wscale 7], length 0
16:03:07.407649 IP 10.10.14.170.43430 > 10.10.10.27.netbios-ssn: Flags [S], seq 1399377996, win 64240, options [mss 1460,sackOK,TS val 3059908519 ecr 0,nop,wscale 7], length 0
16:03:08.411672 IP 10.10.14.170.43430 > 10.10.10.27.netbios-ssn: Flags [S], seq 1399377996, win 64240, options [mss 1460,sackOK,TS val 3059909523 ecr 0,nop,wscale 7], length 0
16:03:08.411682 IP 10.10.14.170.36742 > 10.10.10.27.microsoft-ds: Flags [S], seq 1137421174, win 64240, options [mss 1460,sackOK,TS val 3059909523 ecr 0,nop,wscale 7], length 0
16:03:10.434137 IP 10.10.14.170.36742 > 10.10.10.27.microsoft-ds: Flags [S], seq 1137421174, win 64240, options [mss 1460,sackOK,TS val 3059911545 ecr 0,nop,wscale 7], length 0
16:03:10.434147 IP 10.10.14.170.43430 > 10.10.10.27.netbios-ssn: Flags [S], seq 1399377996, win 64240, options [mss 1460,sackOK,TS val 3059911545 ecr 0,nop,wscale 7], length 0
16:03:15.907590 IP6 fe80::9b10:7b8d:24fb:7767 > ip6-allrouters: ICMP6, router solicitation, length 8
16:04:23.482962 IP6 fe80::9b10:7b8d:24fb:7767 > ip6-allrouters: ICMP6, router solicitation, length 8

Does anybody know wtf is going on? Is the box unstable or am I missing something? Anybody facing the same issue?
Thanks
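An added example, not part of the post above: a small filter that reads tcpdump's default text output and lists the flows whose SYN was never answered with a SYN-ACK, together with how many times the SYN was sent. The sample lines are constructed (modelled on the capture in the post, with one answered flow added for contrast) and the function name is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: find TCP handshakes that never got a SYN-ACK back.

# Constructed capture lines in tcpdump's default text format.
SAMPLE_CAPTURE='16:03:07.401797 IP 10.10.14.170.36742 > 10.10.10.27.microsoft-ds: Flags [S], seq 1137421174, win 64240, length 0
16:03:08.411682 IP 10.10.14.170.36742 > 10.10.10.27.microsoft-ds: Flags [S], seq 1137421174, win 64240, length 0
16:03:10.434137 IP 10.10.14.170.36742 > 10.10.10.27.microsoft-ds: Flags [S], seq 1137421174, win 64240, length 0
16:03:11.000001 IP 10.10.14.170.50000 > 10.10.10.27.ms-sql-s: Flags [S], seq 42, win 64240, length 0
16:03:11.020001 IP 10.10.10.27.ms-sql-s > 10.10.14.170.50000: Flags [S.], seq 99, ack 43, win 8192, length 0'

# unanswered_syns: read tcpdump text on stdin and print
# "<SYN count> <src> > <dst>" for every flow with no SYN-ACK in reply.
unanswered_syns() {
    awk '
    $2 == "IP" && $6 == "Flags" {
        src = $3
        dst = $5;   sub(/:$/, "", dst)      # strip the trailing colon
        flags = $7; sub(/,$/, "", flags)    # strip the trailing comma
        if (flags == "[S]")  syn[src " > " dst]++
        # A SYN-ACK travels in the opposite direction, so store it reversed.
        if (flags == "[S.]") answered[dst " > " src] = 1
    }
    END {
        for (flow in syn)
            if (!(flow in answered))
                print syn[flow], flow
    }' | sort -k2
}

# Usage on a live interface (reads until interrupted):
#   sudo tcpdump -l -n -i tun0 tcp | unanswered_syns
```

A flow that shows several SYNs and no SYN-ACK means the packets leave tun0 but nothing returns, which points at the route or the target rather than at smbclient or nmap.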