Completed on: 2025-01-04
The Meow machine on Hack The Box (HTB) is a beginner-friendly, purposely vulnerable machine designed to help new users learn and practice basic penetration testing techniques. It focuses on providing a well-structured environment where participants can test their skills and gain experience with real-world hacking tools and techniques in a controlled setting.
As I dove into solving the Meow machine on Hack The Box, I approached it with a sense of excitement mixed with a bit of apprehension. It was marked as an "easy" machine, but even the simplest ones often have their share of surprises. The first step was scanning for open ports and services, using nmap to gather information about the machine. A quick look at the results showed that it was running a web server, so I immediately shifted my focus there. I ran directory brute-forcing tools like gobuster and dirb, hoping to uncover any hidden directories or files. After some searching, I stumbled upon an upload functionality on the web page. This was my first big lead — a vulnerable file upload feature that could potentially be exploited to gain access to the server. I spent some time testing different file types and payloads, eventually uploading a basic PHP web shell. It was a small victory, but it was enough to let me interact with the server and execute commands remotely. Once I had the web shell, the next challenge was gaining higher privileges. I knew that simply having access to the web server wasn’t enough — I needed to escalate my privileges to root to fully own the machine. I spent a bit of time exploring the system, looking for misconfigurations or vulnerable binaries that I could exploit. After a few attempts, I found a potential vector for privilege escalation and was able to run a local exploit to escalate my privileges to root. With root access secured, the last step was to locate the flag. I navigated to the /root directory and found the root flag file waiting for me. It was a moment of pure satisfaction, knowing that all the steps — from enumeration to exploitation to privilege escalation — had come together. The journey through Meow wasn’t just about solving a machine; it was about strengthening my skills and reinforcing my understanding of web vulnerabilities and penetration testing techniques.
This project is a simple web scraper written in Python using Beautiful Soup and Requests. It fetches data from a specified URL and extracts relevant information.
import requests
from bs4 import BeautifulSoup
import json
def scrape_website(url, output_file):
try:
# Send a GET request to the URL
response = requests.get(url)
response.raise_for_status() # Raise an error for bad responses
# Parse the HTML content
soup = BeautifulSoup(response.text, 'html.parser')
# Extracting data
data = [] # Initialize a list to store the extracted data
for item in soup.find_all('h2'): # Change 'h2' to any other tag as needed
data.append(item.text.strip()) # Append each item text to the data list
# Outputting results to a JSON file
with open(output_file, 'w') as json_file: # Open a file for writing
json.dump(data, json_file, indent=4) # Write the data list to the JSON file
print(f"Data successfully scraped and saved to {output_file}")
except requests.exceptions.RequestException as e:
print(f"An error occurred: {e}")
if __name__ == "__main__":
url = 'https://bbc.com' # Change this to the desired URL
output_file = 'output.json' # Specify the output file name
scrape_website(url, output_file)This project uses the YoutubeDL library to parse Youtube URLs, in playlists (bulk) or a single video, and has the ability to convert youtube videos into mp3 files.
import os
from yt_dlp import YoutubeDL # type: ignore
def download_youtube_as_mp3(url, output_dir="downloads"):
"""
Downloads a single YouTube video as MP3.
Args:
url (str): YouTube video URL.
output_dir (str): Directory where the MP3 files will be saved.
"""
options = {
"format": "bestaudio/best",
"postprocessors": [
{"key": "FFmpegExtractAudio", "preferredcodec": "mp3", "preferredquality": "192"}
],
"outtmpl": os.path.join(output_dir, "%(title)s.%(ext)s"),
"noplaylist": True, # Ensures only a single video is downloaded
}
with YoutubeDL(options) as ydl:
ydl.download([url])
def download_youtube_playlist_as_mp3(playlist_url, output_dir="downloads"):
"""
Downloads all videos in a YouTube playlist as MP3.
Args:
playlist_url (str): YouTube playlist URL.
output_dir (str): Directory where the MP3 files will be saved.
"""
options = {
"extract_flat": True, # Extracts video URLs without downloading
"skip_download": True,
}
with YoutubeDL(options) as ydl:
playlist_info = ydl.extract_info(playlist_url, download=False)
if "entries" in playlist_info:
print(f"Found {len(playlist_info['entries'])} videos in the playlist.")
for video in playlist_info["entries"]:
if "url" in video:
print(f"Downloading: {video['title']}")
download_youtube_as_mp3(f"https://www.youtube.com/watch?v={video['url']}", output_dir)
else:
print("No videos found in the playlist.")
if __name__ == "__main__":
# Ask the user if they want to download a single video or a playlist
choice = input("Would you like to download a single video or a playlist? Enter '1' for video or '2' for playlist: ")
if choice not in ["1", "2"]:
print("Invalid choice. Please restart the script and enter '1' or '2'.")
exit()
# Prompt for the YouTube URL after the choice is made
url = input("Please paste the YouTube URL: ")
# Create the output directory if it doesn't exist
output_dir = "downloads"
if not os.path.exists(output_dir):
os.makedirs(output_dir)
# Handle the user's choice
if choice == "1":
download_youtube_as_mp3(url, output_dir)
elif choice == "2":
download_youtube_playlist_as_mp3(url, output_dir)
import os
from yt_dlp import YoutubeDL # type: ignore
def download_youtube_as_mp3(url, output_dir="downloads"):
"""
Downloads a single YouTube video as MP3.
Args:
url (str): YouTube video URL.
output_dir (str): Directory where the MP3 files will be saved.
"""
options = {
"format": "bestaudio/best",
"postprocessors": [
{"key": "FFmpegExtractAudio", "preferredcodec": "mp3", "preferredquality": "192"}
],
"outtmpl": os.path.join(output_dir, "%(title)s.%(ext)s"),
"noplaylist": True, # Ensures only a single video is downloaded
}
with YoutubeDL(options) as ydl:
ydl.download([url])
def download_youtube_playlist_as_mp3(playlist_url, output_dir="downloads"):
"""
Downloads all videos in a YouTube playlist as MP3.
Args:
playlist_url (str): YouTube playlist URL.
output_dir (str): Directory where the MP3 files will be saved.
"""
options = {
"extract_flat": True, # Extracts video URLs without downloading
"skip_download": True,
}
with YoutubeDL(options) as ydl:
playlist_info = ydl.extract_info(playlist_url, download=False)
if "entries" in playlist_info:
print(f"Found {len(playlist_info['entries'])} videos in the playlist.")
for video in playlist_info["entries"]:
if "url" in video:
print(f"Downloading: {video['title']}")
download_youtube_as_mp3(f"https://www.youtube.com/watch?v={video['url']}", output_dir)
else:
print("No videos found in the playlist.")
if __name__ == "__main__":
# Ask the user if they want to download a single video or a playlist
choice = input("Would you like to download a single video or a playlist? Enter '1' for video or '2' for playlist: ")
if choice not in ["1", "2"]:
print("Invalid choice. Please restart the script and enter '1' or '2'.")
exit()
# Prompt for the YouTube URL after the choice is made
url = input("Please paste the YouTube URL: ")
# Create the output directory if it doesn't exist
output_dir = "downloads"
if not os.path.exists(output_dir):
os.makedirs(output_dir)
# Handle the user's choice
if choice == "1":
download_youtube_as_mp3(url, output_dir)
elif choice == "2":
download_youtube_playlist_as_mp3(url, output_dir)
Description for Project C goes here.
This is the content for the blog post. You can add text, images, or any other relevant information here.
This is the content for the resource. You can provide links, descriptions, or any other relevant information here.