Access

Access is a fun box that switches things up a bit by forcing the user the compromise the target via telnet. Users are tasked with enumerating open ports with nmap, exploring ftp, and finding plaintext credentials. Step 1: Enumerating with NMAP ➜ access nmap -A -vv 10.129.18.109 -p- -Pn Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower. Starting Nmap 7.93SVN ( https://nmap.org ) at 2023-02-19 13:06 EST NSE: Loaded 156 scripts for scanning....

February 19, 2023

Jeeves

Jeeves is a challenging box that tests the user’s ability to enumerate web directories, upload reverse shell code, and escalate privileges with metasploit. The creator of this box also tries to trick the user by hiding the flag, but it is easily uncovered with a few additional commands. Step 1: Enumerate with NMAP We start our investigation by scanning the target with NMAP. ➜ jeeves nmap -vv -A 10.129.213.25 -p- -Pn Host discovery disabled (-Pn)....

February 17, 2023

Secnotes

SecNotes is a challenging box that tests the user’s ability to exploit common web application vulnerabilities to uncover sensitive information and upload files to gain access to the target. This box is interesting because it is a Windows target that tests the user’s Linux knowledge as well. Step 1: Enumerating with NMAP As usual, the first step in our investigation is to enumerate the target with NMAP. ➜ secnotes nmap -vv 10....

January 31, 2023

Chatterbox

Chatterbox is a rather challenging box that tests the user’s ability to enumerate with NMAP, exploit a target with Metasploit, and find reused plaintext credentials to compromise the target. Step 1: Enumerate with NMAP As usual, the first step in our investigation is to enumerate the target with NMAP. ➜ chatterbox nmap -vv -A 10.129.3.102 -Pn -p- Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower....

January 30, 2023

Devel

Devel is a short and sweet box that tests the user’s ability to enumerate with NMAP and Metasploit.

January 29, 2023

Arctic

Arctic is a simple, yet troublesome box, largely due to it’s slow performance and old age.

January 27, 2023

Shocker

Shocker is a relatively straightforward box that tasks the user with enumerating with NMAP and Gobuster, as well as using public exploits to compromise the target. Step 1: Enumerating with NMAP Our first step is to enumerate with NMAP. ➜ shocker nmap -A -vv 10.129.5.141 -Pn Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower. Starting Nmap 7.93SVN ( https://nmap.org ) at 2023-01-26 17:34 EST NSE: Loaded 156 scripts for scanning....

January 26, 2023

Valentine

Valentine is a fun box that tasks the user with using the heartbleed vulnerability to gain critical information about the target and ultimately compromise the box. Step 1: Enumerate with NMAP As usual, the first step in our investigation is to run an NMAP scan against the target to check for any open ports or running services. ➜ valentine nmap -vv 10.129.198.178 -Pn Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower....

January 25, 2023

Grandpa

Grandpa is a relatively straightforward box that tests the user’s ability to enumerate with NMAP and Metasploit. Although the initial compromise may differ from Granny, the privlege escalation process is identical. Step 1: Enumerate with NMAP As usual, our first step in the investigation is scanning the target with NMAP to check for any exposed ports and services. ➜ grandpa nmap -vv -A 10.129.93.230 -Pn Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower....

January 25, 2023

Granny

Granny is a surpisingly challenging box if you don’t use metasploit for the initial compromise. This machine tests the user’s ability to enumerate web services, exploit WebDAV, and use metasploit to escalate privileges. Step 1: Enumerate with NMAP We start our investigation by enumerating with NMAP. ➜ granny nmap -v -A 10.129.95.234 -Pn Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower. Starting Nmap 7....

January 24, 2023