HW08: Intro to HackTheBox due Tue 21 Mar 13:20

In this assignment you will begin learning how to utilize the le...
...ox.com}. You will document your progress in
a CherryTree document.


https://hackthebox.com is a website that provides cloud-based virtual machines that can be accessed from within your own VirtualBox environment. They provide machines configured to have exploitable vulnerabilities that cover a wide range of difficulty levels.

In this assignment you will create an account at hackthebox.comand complete some intro exercises in that environment. As you do so you will document your progress in a CherryTree document that will include screenshots.

Installing CherryTree and Greenshot

CherryTree (https://www.giuspen.com/cherrytree/) is a hierarchical note-taking tool that we will use to document a number of assignment moving forward. It comes pre-installed in Kali, but you may find it simpler to run on your local computer rather than in the virtual enviroment.

Greenshot (https://getgreenshot.org/) is a screenshot program that has some nice features. You can use any screenshot software you want for this. In this assignment you will be occasionally taking screen shots and pasting them into your CherryTree document. NOTE: For Linux users Flameshot is a good alternative.

Using CherryTree for this Assignment

Create a new CherryTree document named hackthebox.ctb. In it create the following top-level node: Tier 0. Underneath it create nodes for each of the introductory machines: Meow, Fawn, Dancing, etc. As you proceed through this assignment you will document your work.

Creating an Account and First Exercise

Visit https://hackthebox.com and click the Join Now button. Use your HSU email address to sign up for an account and then log in to the site. Visit the recommended Tier 0 machines and start with the machine called Meow.

Remember, you will need to interact with HackTheBox from your Kali machine. To work with the Tier 0 machines you will need to download a .ovpn file from the site and then execute this command:

sudo openvpn name_of_downloaded_ovpn_file

Then continue walking through the steps provided by HackTheBox. For each step document what you did (including the openvpn command above) in the CherryTree editor.

IMPORTANT: Although they provide a complete walk-through with instructions and answers, you should try to complete all tutorials without using them. If you don't remember a fact (like a port number) then google it rather than using the walk-through instructions.

Complete the Several Tier 0 Tutorials

In your CherryTree document you should have some subnodes named for each of the beginning exercises. For each set of exercises, document your steps in the CherryTree document.

As you go through these exercises, remember, they are helping you to develop some basic skills that will help in actual pentesting. That is to say, if you find that port 23 is open then it won't help much if you manage to connect to the service, but don't know what to do once connected. These exercises help you learn some basic commands.

You should independently complete all steps for these machines:

Turn In Your Work

To provide verification that you have completed each of the steps above, create a screenshot that shows the four machines for which you obtained the required flag. The screenshot should include your username at the top of the screen.

Paste the screenshot at the bottom of the Redeemer subnode and then turn in the document by uploading it into Canvas.