Hacking : βMeowβ Machine or an Introduction to HackTheBox
Hack The Box is a massive hacking playground, and infosec community of members who learn, hack, play, exchange ideas and methodologies. One of the main feature of HTB is βLabsβ. Every lab is a generate machine dedicated to apply what you have learned. There are a lot of labs, from the easiest one to the more insane. Each lab or βmachineβ has a name, and you have to answer questions and, finally, retrieve the flag to complete it. Here we have βMeowβ machine. This is the very first machine and a very good introduction to let you install your hacking environment ands experiment HTB. So letβs explore it.
Install a Parrot VM
The first step to try out HTB lab is to have a proper machine suited for hacking purposes and there are 3 options :
Connect to a Pwnbox : A Pwnbox is a customized hacking cloud box that lets you hack all HTB Labs directly from the browser. This is the easiest way for beginners. No need for Virtual Machine or VPN, but the HTB free tier allow only 2h lifetime of Pwnbox.
Use your own machine : If you have a set of hacking tools already installed in your computer, you can use it. But first, you have to connect your machine to HTB network using OpenVPN. I would not recommend this method, you better use an isolated Virtual Machine to ensure maximum security.
Use a Virtual Machine : This is the recommended method for security and performance reasons. You can install the Operating System you want, but notes that you will have to install a lot of hacking and network tools to be operational. It exists OS designed for digital forensics and penetration testing, such as Kali Linux or ParrotOS.
There are several ways to install a Virtual Machine on your computer. For our use case, I would recommand the use of a virtualization software such as VMWare Player or VirtualBox. Finally, I tried a lot of Linux/UNIX based OS and I would suggest ParrotOS. So, letβs install a ParrotOS Virtual Machine on VMWare Player :
First, download and install VMWare Player : https://www.vmware.com/fr/products/workstation-player.html
Download a ParrotOS ISO : https://parrotsec.org/download/. Note that for a while, Parrot provide a customized image adapted to Hack The Box labs and academy.
- On VMWare Player, create a VM and load your ParrotOS image :
- Most of the time, VMWare will detect the OS and customized the VM with the best options. If VMWare doesnβt detect the OS, you can select Debian 10 (ParrotOS is based on Debian) :
- In the next step, select at least 20gb of disk space on a virtual disk into multiple file :
- VMWare will create the VM on the location you selected. Once done, I suggest you to customized your VM and set the memory size to 4Gb and 2 processor cores :
- You can now start your VM :
Connect to HTB VPN and spawn the machine
Start your virtual machine and go to HTB labs to begin the Meow challenge. The first step is to connect your VM to Starting Point VPN before starting the HTB machine. On the right panel, select βOpenVPNβ, select the VPN access and server and download the .ovpn file.
This files contains the VPN configuration you can use as an argument to OpenVPN in your ParrotOS VM :
You should be connected to HTB VPN if you have this message :
You can now spawn the machine so HTB will create an instance and prompt the IP you will have to use.
You are now ready to answer the 9 questions of this lab. Here few tips :
- You can ping the machine you have spawned :
) )
- You can check for open port :
)
)
)
)
- And use the open ports with appropriate tools :
)