Environment setup
- Operating system: Kali Linux or Windows
- Tools: nmap, telnet
The nmap tool [Kali official site]
Manual: https://www.kali.org/tools/nmap/
Summary:
Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques, version detection (determine service protocols and application versions listening behind ports), and TCP/IP fingerprinting (remote host OS or device identification). Nmap also offers flexible target and port specification, decoy/stealth scanning, sunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and commandline modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.
telnet
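Telnet is a network protocol for logging in remotely to a computer or server. It lets a user control a host remotely through a command-line interface and run operations and commands on it. The Telnet protocol carries the user's keyboard input over the network and returns the remote host's responses to the user.
Note, however, that because Telnet transmits data in cleartext, its security is poor, so in practice it has been replaced by the more secure SSH (Secure Shell) protocol. SSH provides strong encryption and authentication mechanisms, which makes remote login more secure and reliable.
Tasks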
TASK1
What does the acronym VM stand for?
key:Virtual Machine
TASK2
What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN connection? It’s also known as a console or shell.
key:terminal
TASK3
What service do we use to form our VPN connection into HTB labs?
key:openvpn
TASK4
What tool do we use to test our connection to the target with an ICMP echo request?
┌──(martin㉿kali)-[~]
└─$ ping 10.129.44.35
PING 10.129.44.35 (10.129.44.35) 56(84) bytes of data.
64 bytes from 10.129.44.35: icmp_seq=1 ttl=63 time=290 ms
^C
--- 10.129.44.35 ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 1002ms
rtt min/avg/max/mdev = 289.511/289.511/289.511/0.000 ms
key:ping
TASK5
What is the name of the most common tool for finding open ports on a target?
┌──(martin㉿kali)-[~]
└─$ sudo nmap -sS -T4 -Pn 10.129.44.35
Starting Nmap 7.92 ( https://nmap.org ) at 2023-09-20 00:26 CST
Nmap scan report for 10.129.44.35
Host is up (7.0s latency).
Not shown: 550 filtered tcp ports (no-response), 449 closed tcp ports (reset)
PORT STATE SERVICE
23/tcp open telnet
Nmap done: 1 IP address (1 host up) scanned in 10.05 seconds
key:nmap
TASK6
What service do we identify on port 23/tcp during our scans?
key:telnet
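From the defender's side, the same scan output can be audited for cleartext remote-access services such as the telnet listener found above. The following is an added example, not part of the original walkthrough: the function name, the service list and the second sample host (192.0.2.10) are assumptions made for illustration.

```python
import re

# nmap-services names of remote-access protocols that send credentials in
# cleartext, mapped to an encrypted replacement (list assumed for this example).
CLEARTEXT = {"telnet": "ssh", "ftp": "sftp", "exec": "ssh",
             "login": "ssh", "shell": "ssh"}

HOST_ROW = re.compile(r"^Nmap scan report for (.+)$")
PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def find_cleartext_services(nmap_output):
    """Return one finding per confirmed-open cleartext service."""
    findings, host = [], None
    for raw in nmap_output.splitlines():
        line = raw.strip()
        host_match = HOST_ROW.match(line)
        if host_match:
            host = host_match.group(1)
            continue
        port_match = PORT_ROW.match(line)
        if not port_match:
            continue
        port, proto, state, service = port_match.groups()
        service = service.rstrip("?")  # nmap appends "?" when it is guessing
        # Only "open" is a confirmed listener; skip filtered/closed rows.
        if state == "open" and service in CLEARTEXT:
            findings.append({"host": host, "port": int(port), "proto": proto,
                             "service": service,
                             "replace_with": CLEARTEXT[service]})
    return findings


# First report is the scan shown on this page; the second host is constructed.
SAMPLE = """\
Nmap scan report for 10.129.44.35
Host is up (7.0s latency).
Not shown: 550 filtered tcp ports (no-response), 449 closed tcp ports (reset)
PORT STATE SERVICE
23/tcp open telnet
Nmap scan report for 192.0.2.10
PORT   STATE    SERVICE
21/tcp open     ftp
22/tcp open     ssh
23/tcp filtered telnet
"""

if __name__ == "__main__":
    for f in find_cleartext_services(SAMPLE):
        print("{host} {port}/{proto} {service}: cleartext, "
              "replace with {replace_with}".format(**f))
```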
TASK7
What username is able to log into the target over telnet with a blank password?
#telnet 10.129.44.35
key:root
Flag
root@Meow:~# cat flag.txt
b40abdfe23665f766f9c61ecba8a4c19
key:b40abdfe23665f766f9c61ecba8a4c19