Please help on "hackthebox" challenge


(unicornstark) #1

Hello friends… I am new to hacking and have started taking online courses, watching tutorials, and right now I am trying some pentest practicals.
And for that purpose, I started challenges in " ". I hope all are familiar with that site, which seems to be good for beginners…

Right now, I am stuck on the very first challenge. All I have is an IP address. I have to penetrate and exploit the system. I have to find the system ID and password.

What I did: With the IP, I tried Zenmap and got the open ports and OS details.
But now I am confused about the method of exploitation.
Which ports are most vulnerable??
How should one start with port hacking??
Is Metasploit the best way to do this?

Please pardon if I am asking too basic stuff…
I know hacking lessons cannot be spoon-fed, but I need a strong understanding of these things to move further. So please help!!!
Thanks in advance :slight_smile:

(b0x) #2

Same with me. I didn't complete the first box till now.

(unicornstark) #3

Oh!! I am trying to get as much information as possible regarding network scanning, attacking ports, etc. which is useful for this task, but couldn't find an effective method as of now…
Anyway, if you find anything informative please do share it with me as well!!!

(¯\_(ツ)_/¯) #4

I didn’t solve it myself yet. Do you mean the registration, or did you manage this?

It is always OK to ask for help; we all need it sometimes.

(unicornstark) #5

Thanks for the immediate response, dude!!
But this is not what I needed xD
I cracked this “code generation” step and got registered on the site, and here’s where I am stuck!!
There are many machines provided with an “IP address” alone, and all we need to do is hack them down!!
BUT HOW?? :smiley:
That’s where I need help :frowning:

(bekoleko) #6

Try searching the services of each port on Metasploit… you probably will find an exploit for any of the services running on TCP… I think you need to get a command shell and then dump the password and then crack it (or maybe it is plain text and you don’t need to)… and you can get a lot of information just from the IP if you know how :wink:


I think the first machine you should try must be Legacy.
Then try Lame and then you can decide after that.
Hope this helps

(unicornstark) #11

Yea, thank ya… I tried the same way… and used the windows/meterpreter/reverse_tcp exploit :blush:


windows/meterpreter/reverse_tcp is not an exploit, it’s a payload. The very basic skill is to find the service version (the -sV nmap switch) and just google the service name + vulnerability. You can also use the searchsploit tool. But overall, at first download some easy machine, for example SickOS, and try to hack it; if you are stuck, read others’ writeups to see how they did it. Good luck.
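
An added example (not code from the thread or from any poster) of the enumeration step that reply describes: parsing the XML that `nmap -sV -oX scan.xml <target>` writes into a per-port service inventory, so that every later lookup names a concrete product and version, and ports where -sV found no version are flagged for manual banner inspection instead of being searched blindly. The host, ports and versions in the sample XML are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -sV -oX scan.xml <target>` output
# (hypothetical host, ports and versions; not taken from the thread).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun>
 <host><address addr="10.0.0.5" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh" product="OpenSSH" version="7.9p1"/></port>
   <port protocol="tcp" portid="80"><state state="open"/>
    <service name="http" product="Apache httpd" version="2.4.38"/></port>
   <port protocol="tcp" portid="8080"><state state="open"/>
    <service name="http-proxy"/></port>
   <port protocol="tcp" portid="3306"><state state="filtered"/>
    <service name="mysql"/></port>
  </ports>
 </host>
</nmaprun>"""


def parse_inventory(xml_text):
    """One dict per open port: service, product, version and a 'query' string
    for a vulnerability lookup, or None when -sV could not pin a version."""
    root = ET.fromstring(xml_text)
    inventory = []
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports carry no banner to match
            svc = port.find("service")
            product = svc.get("product") if svc is not None else None
            version = svc.get("version") if svc is not None else None
            inventory.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else "unknown",
                "product": product,
                "version": version,
                # Only product *and* version make a meaningful lookup; a bare
                # service name like "http-proxy" returns mostly irrelevant hits.
                "query": f"{product} {version}" if product and version else None,
            })
    return inventory


if __name__ == "__main__":
    for e in parse_inventory(SAMPLE_XML):
        print(e["host"], e["port"], e["service"], e["query"] or "check banner by hand")
```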


Or you could watch a few walkthroughs of retired machines to get some idea about how you go about enumerating machines.
Walkthroughs by IppSec are a good source.

(Matrix2600) #14

Hmmm… I think I can put some insight onto this.

From my experience, there’s no right exploit or, as you ask, which ports are the most vulnerable. If the port is open, it is vulnerable. There are many exploits for a single service. I use Google along with msf or even 0day, which is a great source of known exploits. Sometimes, if FTP, Telnet, and/or SSH is open, then you could use Medusa or Hydra to try to crack the password, but even those services have their own vulnerabilities. It takes a lot of research with time and experience.

I hope I explained well enough.