Access is a fun box that switches things up a bit by forcing the user the compromise the target via telnet. Users are tasked with enumerating open ports with nmap, exploring ftp, and finding plaintext credentials. Step 1: Enumerating with NMAP ➜ access nmap -A -vv 10.129.18.109 -p- -Pn Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower. Starting Nmap 7.93SVN ( https://nmap.org ) at 2023-02-19 13:06 EST NSE: Loaded 156 scripts for scanning....
Jeeves is a challenging box that tests the user’s ability to enumerate web directories, upload reverse shell code, and escalate privileges with metasploit. The creator of this box also tries to trick the user by hiding the flag, but it is easily uncovered with a few additional commands. Step 1: Enumerate with NMAP We start our investigation by scanning the target with NMAP. ➜ jeeves nmap -vv -A 10.129.213.25 -p- -Pn Host discovery disabled (-Pn)....
SecNotes is a challenging box that tests the user’s ability to exploit common web application vulnerabilities to uncover sensitive information and upload files to gain access to the target. This box is interesting because it is a Windows target that tests the user’s Linux knowledge as well. Step 1: Enumerating with NMAP As usual, the first step in our investigation is to enumerate the target with NMAP. ➜ secnotes nmap -vv 10....
Chatterbox is a rather challenging box that tests the user’s ability to enumerate with NMAP, exploit a target with Metasploit, and find reused plaintext credentials to compromise the target. Step 1: Enumerate with NMAP As usual, the first step in our investigation is to enumerate the target with NMAP. ➜ chatterbox nmap -vv -A 10.129.3.102 -Pn -p- Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower....
Devel is a short and sweet box that tests the user’s ability to enumerate with NMAP and Metasploit.
Arctic is a simple, yet troublesome box, largely due to it’s slow performance and old age.
Shocker is a relatively straightforward box that tasks the user with enumerating with NMAP and Gobuster, as well as using public exploits to compromise the target. Step 1: Enumerating with NMAP Our first step is to enumerate with NMAP. ➜ shocker nmap -A -vv 10.129.5.141 -Pn Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower. Starting Nmap 7.93SVN ( https://nmap.org ) at 2023-01-26 17:34 EST NSE: Loaded 156 scripts for scanning....
Valentine is a fun box that tasks the user with using the heartbleed vulnerability to gain critical information about the target and ultimately compromise the box. Step 1: Enumerate with NMAP As usual, the first step in our investigation is to run an NMAP scan against the target to check for any open ports or running services. ➜ valentine nmap -vv 10.129.198.178 -Pn Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower....
Grandpa is a relatively straightforward box that tests the user’s ability to enumerate with NMAP and Metasploit. Although the initial compromise may differ from Granny, the privlege escalation process is identical. Step 1: Enumerate with NMAP As usual, our first step in the investigation is scanning the target with NMAP to check for any exposed ports and services. ➜ grandpa nmap -vv -A 10.129.93.230 -Pn Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower....
Granny is a surpisingly challenging box if you don’t use metasploit for the initial compromise. This machine tests the user’s ability to enumerate web services, exploit WebDAV, and use metasploit to escalate privileges. Step 1: Enumerate with NMAP We start our investigation by enumerating with NMAP. ➜ granny nmap -v -A 10.129.95.234 -Pn Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower. Starting Nmap 7....