Blog for tracking current projects and resources for IT security + pen-testing.
Source: https://www.vulnhub.com/entry/tophatsec-fartknocker,115/
Today’s vulnhub challenge is Beavis and Butthead themed! This will be another mystery VM for me…basically no knowledge of skill level or exploits required on this one. I enjoyed another of TopHatSec’s VM challenges Freshly so am hoping this will be a good one as well. Anyway, let’s get underway.
Back in late 2016 I built a pfSense firewall based on the Fitlet XA10-LAN:
Source: https://www.vulnhub.com/entry/stapler-1,150/
I came across this VM through a list of OSCP-like VMs on abatchy’s blog and decided to give it a try. Other than that and the readme stating this is a “beginner/intermediate’-level VM, I don’t know much else about it so let’s get to it!
A quick host discovery scan to detect the victim’s IP:
nmap 192.168.111.0/24 -sP
Source: https://www.vulnhub.com/entry/tophatsec-freshly,118/
For this next writeup I wanted to try out a vulnerable VM that dealt at least in part with SQL-injection as a means to exploit. I’m not entirely sure how this will turn out because I tried to be relatively cautious in avoiding any possible spoilers while searching for VMs exploitable in this way. I’ll just cross my fingers and start…
Start off with a quick host discovery nmap scan to find the target’s IP:
nmap 192.168.111.0/24 -sP
This is meant to be a personal log of study progress toward OSCP certification.
8/31/2017
PWK Videos: 106-110
PWK Readings: pp276-288
Online PW Attacks, PW Hash Attacks, Port Redirection + Tunneling Intro
Additional Studying:
8/30/2017
PWK Videos: –
PWK Readings: –
Additional Studying: SickOs 1.2 – Finished!
Part 1: OpenVPN Setup
Part 2: FreeRADIUS3 Setup
Part 3: Final Setup – Connecting the Two
Go to the VPN menu, OpenVPN, then go to the Servers tab.
Continue reading “pfSense OpenVPN Setup with FreeRadius3 2fa Authentication: Part 3 (Final Setup)”
Part 1: OpenVPN Setup
Part 2: FreeRADIUS3 Setup
Part 3: Final Setup – Connecting the Two
Once installed, we’ll begin the setup by going into the Services menu, then FreeRADIUS.
Source: https://www.vulnhub.com/entry/sickos-12,144/
First off similarly to SickOs 1.1 I will be adapting this VM to work within VirtualBox as it is originally built for VMware.
Like before create a new VM in Virtualbox using the following settings:
Name: SickOs 1.2
Type: Linux
Version: Ubuntu or Debian (64-bit)
Memory: At least 512MB
Hard Disk: Do not add a virtual disk
The purpose of this 3 part series will be to implement FreeRADIUS3 authentication with OpenVPN and allow you to use 2-factor authentication methods such as Google Authenticator.
Prerequisites: This guide will assume you have pfSense version 2.3.4+ installed, and are starting from scratch setting up OpenVPN + the FreeRadius3 package.
Part 1: OpenVPN Setup
Part 2: FreeRADIUS3 Setup
Part 3: Final Setup – Connecting the Two
Continue reading “pfSense OpenVPN Setup with FreeRadius3 2fa Authentication: Part 1 (OpenVPN Setup)”
Source: https://www.vulnhub.com/entry/sickos-11,132/
Some initial notes: The SickOs series has been recommended by a lot of people to be fairly similar to OSCP labs so I figure it should be some good enriching practice. I think I’m going to try to make it a point with each new writeup to either try out some new tools, or at least use past tools in new or more focused ways for better efficiency.
Though this VM is built for VMWare, I’ve always been more of a VirtualBox guy so we’ll start off by importing the machine into VBox.
To do so create a brand new VM in Virtualbox with the following settings:
Name: SickOs 1.1
Type: Linux
Version: Ubuntu or Debian (64-bit)
Memory: At least 512MB
Hard Disk: Do not add a virtual disk