#readwise
# Meow Write-up

## Metadata
- Author: [[Hack The Box]]
- Full Title: Meow Write-up
- Full Text: [[Meow Write-up.pdf]]
## Highlights
After navigating to the Downloads directory, type in `ls` to make sure the .ovpn file is present on the system, followed by the command to launch your OpenVPN client and connect to the Hack The Box internal network: `sudo openvpn {filename}.ovpn`. ... Let the configuration script run until you see the Initialization Sequence Completed message at the very end of the output. Once that is present, make sure that there is no mention of multiple tunnel interfaces, such as tun1, tun2, and so forth. Having multiple tunnel interfaces can ruin the stability of your connection to the target and create routing conflicts on your Operating System, which would only bring frustration. There should only be tun0 mentioned in the output. (Page 3) ^7q3027
---
**90% of penetration testing consists of research done on the internet about the product you are testing**. ... **The key is to know how to look for the information you need.** ... The objective here is not speed but meticulousness. If a resource on the target is missed during the Enumeration phase of your test, you might lose a vital attack vector which would have potentially cut your worktime on the target in half or even less. (Page 5)
---
**When first starting a penetration test or any security evaluation on a target, a primary step is known as Enumeration. This step consists of documenting the current state of the target to learn as much as possible about it**. ... If the target is a storage server, you can connect to it using the same IP address to explore the files and folders stored on it, provided that you have the necessary credentials. The question is, how do you find these services? You cannot manually search for them because it would take a long time.
Every server uses ports in order to serve data to other clients. The first steps in the Enumeration phase involve scanning these open ports to see the purpose of the target on the network and what potential vulnerabilities might appear from the services running on it. In order to quickly scan for ports, we can use a tool called Nmap. (Page 5)
---
### Enumeration
In order to start the scanning process, we can use the following command with the nmap script. nmap stands for Network Mapper, and it will send requests to the target's ports in hopes of receiving a reply, thus determining if the said port is open or not. Some ports are used by default by certain services. Others might be non-standard, which is why we will be using the service detection flag -sV to determine the name and description of the identified services. (Page 6)
---
### Foothold
Sometimes, **due to configuration mistakes, some important accounts can be left with blank passwords for the sake of accessibility. This is a significant issue with some network devices or hosts**, leaving them open to simple brute-forcing attacks, where the attacker can try logging in sequentially, using a list of usernames with no password input. Some typical important accounts have self-explanatory names, such as: admin, administrator, root.
A direct way to attempt logging in with these credentials in hopes that one of them exists and has a blank password is to input them manually in the terminal when the hosts request them. If the list were longer, we could use a script to automate this process, feeding it a wordlist for usernames and one for passwords. Typically, the wordlists used for this task consist of typical people names, abbreviations, or data from previous database leaks. For now, we can resort to manually trying these three main usernames above. (Page 8)
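
The blank-password misconfiguration described above can be caught from the defender's side by auditing account data before the host is exposed. The following is an added example, not part of the Hack The Box write-up: it assumes Linux `/etc/shadow` format (an empty second field means no password is set), and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Audit shadow-format account data for accounts with a blank password.
# In /etc/shadow, field 2 holds the password hash; an empty field means
# no password is set, while "*" or "!" means the account is locked.

# Constructed sample in /etc/shadow format (not taken from a real host).
sample_shadow() {
cat <<'EOF'
root::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
admin:$6$constructedsalt$constructedhash:19000:0:99999:7:::
backup:!:19000:0:99999:7:::
administrator::19000:0:99999:7:::
svc-print::19000:0:99999:7:::
EOF
}

# Reads shadow-format lines on stdin and prints "<severity> <user>" for
# every account whose password field is empty. The account names the
# write-up calls out (admin, administrator, root) are rated HIGH.
find_blank_passwords() {
  awk -F: '
    $1 ~ /^#/ || NF < 2 { next }          # skip comments and blank lines
    $2 == "" {
      sev = ($1 ~ /^(root|admin|administrator)$/) ? "HIGH" : "MEDIUM"
      print sev, $1
    }'
}

# Prints findings and returns 1 if any blank-password account exists,
# returns 0 if the input is clean (usable as a CI or hardening gate).
audit_shadow() {
  findings=$(find_blank_passwords)
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
  return 0
}

# Usage on a real host:  sudo cat /etc/shadow | audit_shadow
# Usage on the sample:   sample_shadow | audit_shadow
```

Any account this reports should be given a password or locked before a remote login service is enabled on the host.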