Vulnhub started hosting a machine named SecureCode: 1 on February 23rd, 2021. This machine was created by the user sud0root with a description of “OSWE-like machine”. Overall the machine was simple, but it did provide some good practice reviewing code and writing a proof of concept exploit script. Reconnaissance To begin, I executed a Nmap …
Hack the box released a machine named Falafel in 2018. The difficulty set by the community and HTB is Hard, and I can see why considering the machine required quite a few different attack types including blind SQL injection, password cracking, type juggling, file upload bypass, and abusing Linux permissions and group misconfigurations to finally …
The security community has compiled a well-known list of machines available outside of the PEN-200 Labs to help prepare for the OSCP exam, but few know that an OSWE list is in its infancy as well. The OSWE list can be found here. At the top of the Vulnhub list was Silky-CTF: 0x02. Though the …
Offensive Security’s ZenPhoto is a Linux machine within their Proving Grounds – Practice section of the lab. This machine is rated intermediate from both Offensive Security and the community. I feel that rating is accurate. Keep in mind that the IP will change throughout the screenshots and cli output due to working on the box …
Jacko from Offensive Security is a Windows box with a difficulty rating of intermediate. This box included a simple path to RCE with a tricky foothold and privilege escalation. I end up going down a few rabbit holes at each stage. Lets get started with some recon. Reconnaissance NMAP scan running all scripts, determine services/version …
Banzai from Offensive Security was released on August 3rd, 2020. This machine is a Linux machine with the difficulty rating of intermediate. The flavor text provided with the VM is “You should be careful around raptors – they are dangerous!”. Even after rooting the box, this doesn’t make sense to me. Maybe I took an …
Nibbles from Offensive Security is a great example of getting root on a box by just “Living off The Land”. This boot to root includes no exploitation scripts and shows the importance of hardening systems before deploying to production. Now, on to the hacking. Reconnaissance We start off with a basic nmap scan. First, lets …
Offensive security has released an easy box offered in the practice section of the Proving Grounds. This Windows box is named Metallus. Lets see if we can get root on this one. Reconnaissance Starting with some initial enumeration. Nmap scan -Pn to ignore ping check, -sV to check versions, -sC to run all scripts, and …
ClamAV is a machine available in the Practice area of the Offensive Security Proving Grounds. This box difficulty is easy. Lets dive in and take a look. Reconnaissance Starting with a nmap scan enabling all scripts, detecting versions, and output all formats to files starting with the string “simple”. Weaponization and Delivery So using this …
Internal is a machine available in the Practice area of the Offensive Security Proving Grounds. This machine was super easy, so I will be focusing on manual exploitation and solid enumeration. Reconnaissance Lets start with some basic enumeration. Here we immediately see our target is “Windows Server (R) 2008 Standard 6001 Service Pack 1”. We …