First, download the .ovpn file and open up the terminal as an administrator

sudo su
openvpn root.ovpn

Wait a couple of seconds in order for the connection to be established. Click to get a target machine IP Address.

ping {IP_ADDRESS}
πŸ’‘
Task 1

What does the acronym VM stand for?

Virtual Machine

πŸ’‘
Task 2

What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN connection? It’s also known as a console or shell.

Terminal

πŸ’‘
Task 3

What service do we use to form our VPN connection into HTB labs?

openvpn

πŸ’‘
Task 4

What is the abbreviated name for a β€˜tunnel interface’ in the output of your VPN boot-up sequence output?

tun

You can use the following command to find this.

ifconfig
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
πŸ’‘
Task 5

What tool do we use to test our connection to the target with an ICMP echo request?

ping

πŸ’‘
Task 6

What is the name of the most common tool for finding open ports on a target?

nmap

πŸ’‘
Task 7

What service do we identify on port 23/tcp during our scans?

telnet

πŸ’‘
Task 8

What username is able to log into the target over telnet with a blank password?

root

πŸ’‘
Submit Flag

Now, we’ve used the ping command and the server responded back. We can now use nmap in order to find any open services.

sudo nmap -sV IP_ADDRESS
Host is up (0.069s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
23/tcp open  telnet  Linux telnetd
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.48 seconds

Let’s connect using telnet to the target.

telnet IP_ADDRESS
Meow login: root
ls
cat flag.txt

Tagged in: