Access

Access is a fun box that switches things up a bit by forcing the user to compromise the target via telnet. Users are tasked with enumerating open ports with nmap, exploring FTP, and finding plaintext credentials. Step 1: Enumerating with NMAP ➜ access nmap -A -vv 10.129.18.109 -p- -Pn Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower. Starting Nmap 7.93SVN ( https://nmap.org ) at 2023-02-19 13:06 EST NSE: Loaded 156 scripts for scanning....

February 19, 2023

Jeeves

Jeeves is a challenging box that tests the user’s ability to enumerate web directories, upload reverse shell code, and escalate privileges with Metasploit. The creator of this box also tries to trick the user by hiding the flag, but it is easily uncovered with a few additional commands. Step 1: Enumerate with NMAP We start our investigation by scanning the target with NMAP. ➜ jeeves nmap -vv -A 10.129.213.25 -p- -Pn Host discovery disabled (-Pn)....

February 17, 2023

Secnotes

SecNotes is a challenging box that tests the user’s ability to exploit common web application vulnerabilities to uncover sensitive information and upload files to gain access to the target. This box is interesting because it is a Windows target that tests the user’s Linux knowledge as well. Step 1: Enumerating with NMAP As usual, the first step in our investigation is to enumerate the target with NMAP. ➜ secnotes nmap -vv 10....

January 31, 2023

Chatterbox

Chatterbox is a rather challenging box that tests the user’s ability to enumerate with NMAP, exploit a target with Metasploit, and find reused plaintext credentials to compromise the target. Step 1: Enumerate with NMAP As usual, the first step in our investigation is to enumerate the target with NMAP. ➜ chatterbox nmap -vv -A 10.129.3.102 -Pn -p- Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower....

January 30, 2023

Devel

Devel is a short and sweet box that tests the user’s ability to enumerate with NMAP and Metasploit.

January 29, 2023