Month: January 2018

Vulnhub: USV 2017 Boot2Root VM

Introduction Today we’re going to be taking a look at the “USV: 2017” VM from Vulnhub! This was a super fun CTF, comprised of 5 flags in the format of country:MD5 hash. This CTF had a bit of everything and required some nice creative problem solving to complete! NMap [crayon-5c94f7e071d85782458700/]   W0Ot, we got our

Vulnhub: Kioptrix #5 Boot2Root VM

¬† Introduction Today I’ll be demonstrating how to compromise the fifth and final box in the Kioptrix series. This box was amazing¬†– really fun twist with the IDS / httpd config blocking access to port 8080, also my first boot2root based on a FreeBSD system rather than a Linux system (which came with it’s own

Vulnhub: Kioptrix #4 Boot2Root VM

  Introduction Today I’ll be demonstrating how to compromise the fourth box in the Kioptrix series. This was the first box which stretched me as a fledgling penetration tester, escaping restricted shells and escalating privilege without using a magical Kernel exploit! (because I was too lazy to install missing libraries in Kali so I could

Vulnhub: Kioptrix #3 Boot2Root VM

  Introduction Today I’ll be demonstrating how to compromise the third box in the Kioptrix series. Really enjoyed this box, had a nice twist which requires some knowledge of how sudo works on Linux and how simple misconfigurations can create holes in systems. It’s worth noting that there are lots of ways to exploit this

Vulnhub: Kioptrix #2 Boot2Root VM

    Introduction As part of my series of blogs detailing how to compromise the Kioptrix series of boot2root challenges, today I’ll be documenting one method of compromising the second box. NMap Similar to box #1, in terms of available ports – SSH HTTP RPC HTTPS CUPS (interesting..!) RPC Status MySQL Analysis This box isn’t