Blog for tracking current projects and resources for IT security + pen-testing.
Source: https://www.vulnhub.com/entry/tophatsec-fartknocker,115/
Today’s vulnhub challenge is Beavis and Butthead themed! This will be another mystery VM for me…basically no knowledge of skill level or exploits required on this one. I enjoyed another of TopHatSec’s VM challenges Freshly so am hoping this will be a good one as well. Anyway, let’s get underway.
Source: https://www.vulnhub.com/entry/stapler-1,150/
I came across this VM through a list of OSCP-like VMs on abatchy’s blog and decided to give it a try. Other than that and the readme stating this is a “beginner/intermediate’-level VM, I don’t know much else about it so let’s get to it!
A quick host discovery scan to detect the victim’s IP:
nmap 192.168.111.0/24 -sP
Source: https://www.vulnhub.com/entry/tophatsec-freshly,118/
For this next writeup I wanted to try out a vulnerable VM that dealt at least in part with SQL-injection as a means to exploit. I’m not entirely sure how this will turn out because I tried to be relatively cautious in avoiding any possible spoilers while searching for VMs exploitable in this way. I’ll just cross my fingers and start…
Start off with a quick host discovery nmap scan to find the target’s IP:
nmap 192.168.111.0/24 -sP
Source: https://www.vulnhub.com/entry/sickos-12,144/
First off similarly to SickOs 1.1 I will be adapting this VM to work within VirtualBox as it is originally built for VMware.
Like before create a new VM in Virtualbox using the following settings:
Name: SickOs 1.2
Type: Linux
Version: Ubuntu or Debian (64-bit)
Memory: At least 512MB
Hard Disk: Do not add a virtual disk
Source: https://www.vulnhub.com/entry/sickos-11,132/
Some initial notes: The SickOs series has been recommended by a lot of people to be fairly similar to OSCP labs so I figure it should be some good enriching practice. I think I’m going to try to make it a point with each new writeup to either try out some new tools, or at least use past tools in new or more focused ways for better efficiency.
Though this VM is built for VMWare, I’ve always been more of a VirtualBox guy so we’ll start off by importing the machine into VBox.
To do so create a brand new VM in Virtualbox with the following settings:
Name: SickOs 1.1
Type: Linux
Version: Ubuntu or Debian (64-bit)
Memory: At least 512MB
Hard Disk: Do not add a virtual disk
Source: https://www.vulnhub.com/entry/fristileaks-13,133/
After the grueling beast that was The Necromancer I decided I needed to take a break with something hopefully a little bit easier and not as lengthy. This VM has been described as being closer to the beginner side so let’s spin it up and find out.
Continue reading “FristiLeaks: 1.3 VulnHub Writeup”
Source: https://www.vulnhub.com/entry/the-necromancer-1,154/
Starting off with a quick netdiscover to figure out what IP we’re dealing with:
Source: https://www.vulnhub.com/entry/mr-robot-1,151/
After spinning up the VM I’m met with this logon prompt:
I then run “netdiscover -r 192.168.111.0/24” to find the IP assigned by the host adapter via DHCP: