Blog for tracking current projects and resources for IT security + pen-testing.
Source: https://www.vulnhub.com/entry/bulldog-1,211/
After a long holiday break working through the SANS Holiday Hack Challenge & HTB machines it’s time for another writeup to ring in the new year! As indicated by the author this should be a beginner/intermediate level machine.
Starting off we’ll scan for the target’s assigned IP:
nmap 192.168.111.0/24 -sP
Source: https://www.vulnhub.com/entry/the-ether-evilscience,212/
I was all set to get started on another VM (g0rmint) but ultimately couldn’t get networking to work with it under VirtualBox using NAT/bridge/host-only or any other type of adapter and trying out other misc. settings. Sad times.
So in its place I’ll be doing “The Ether”, another VM that was pretty recently posted to Vulnhub. The author hints this is not for beginners and hopes for some OSCPers to try it out so hopefully this should be a good challenge. 🙂
Source: https://www.vulnhub.com/entry/game-of-thrones-ctf-1,201/
I’m a sucker for a challenge (this one advertises itself as medium-high difficulty) and a good theme. As per the vulnhub.com instructions for this CTF there are: Continue reading “Game of Thrones CTF: 1 – Vulnhub Writeup”
Source: https://www.vulnhub.com/entry/brainpan-1,51/
This is another VM from Vulnhub that was recommended on Abatchy’s blog for OSCP preparation. I think this will be the last Linux box for a while and I will try to delve into vulninjector or other Windows-based vulnerable systems. This one has been marked as intermediate-level difficulty so hopefully will be a bit more challenging than the previous one! Let’s get started. Continue reading “Brainpan: 1 – Vulnhub Writeup”
Source: https://www.vulnhub.com/entry/lazysysadmin-1,205/
Another fun looking boot2root vulnhub VM that came out in in last months large batch release! This one is supposedly inspired by the author failing the first OSCP attempt (maybe it will offer clues so I won’t meet a similar fate later this month?).
Let’s start off with the usual scan to confirm the target’s IP assigned on the network. Continue reading “LazySysAdmin: 1 – Vulnhub Writeup”
Source: https://www.vulnhub.com/entry/rickdiculouslyeasy-1,207/
It’s been a while since I’ve done a full writeup so figured I was due for posting another one. Mainly I’ve been working through as many HacktheBox Windows machines as possible in preparation for the OSCP exam (I think I’m finally getting somewhat decent at Windows priv-esc).
Vulnhub just posted a bunch of new VMs, though, and I couldn’t resist doing a Ricky & Morty themed challenge. 🙂 There will be a series of flags totaling 130 worth of points…so let’s see if we can get them all!
Source: https://www.vulnhub.com/entry/kioptrix-level-13-4,25/
4th in the series now of Kioptrix (1 to go!). I’ll be concluding the reading/video portion of OSCP studying soon and will be doing a lot of practice in the online labs so this may be my last vulnhub VM in a while. These have been a great learning experience and I’m looking forward to doing the next one soon!
To get this started, we’ll do the usual nmap host discovery scan.
nmap 192.168.111.0/24 -sP
Continue reading “Kioptrix: Level 1.3 (#4) – Vulnhub Writeup”
Source: https://www.vulnhub.com/entry/kioptrix-level-12-3,24/
The next one up in the Kioptrix series! According to the Kioptrix 1.2 blog entry we will just need to make a quick modification to our hosts file to get the webapp working. As far as getting this up in VirtualBox I didn’t have to do anything special except add the VMDK as a IDE hard drive.
Let’s go ahead and start with an nmap host discovery scan and then we can map the IP to “kioptrix3.com” as instructed in the post.
nmap 192.168.111.0/24 -sP
Continue reading “Kioptrix: Level 1.2 (#3) – Vulnhub Writeup”
Source: https://www.vulnhub.com/entry/kioptrix-level-11-2,23/
For this next vulnhub writeup in the Kioptrix series I’m going to try and stick to a couple ground rules to both keep difficulty up and to aid a little in my own person learning;
1. No exploits used outside of a 30 day window of VM release date – in this case 11 Feb 2011
2. Try to stick as much as possible to more manual exploit techniques.
With that let’s get started…
Start off as always with an initial host discovery scan via nmap:
nmap 192.168.111.0/24 -sP
Continue reading “Kioptrix: Level 1.1 (#2) – Vulnhub Writeup”
Source: https://www.vulnhub.com/entry/kioptrix-level-1-1,22/
I took a little break to try out hackthebox.eu (which I highly recommend!). Unfortunately due to the member rules I won’t be posting any writeups for the vulnerable machines there. Also ended up switching over to Arch Linux on my main lab workstation so that ended up consuming a lot of time getting setup again.
I’m planning on going through the entire series of Kioptrix Vulnhub VMs as they’re often recommended as additional practice for OSCP. And with that…let’s get started on part 1 of the series!
Starting with the typical nmap host discovery scan to detect the IP:
nmap 192.168.111.0/24 -sP Continue reading “Kioptrix: Level 1 – Vulnhub Writeup”