Month: March 2018

TrollCave Boot to Root VM Walkthrough PART ONE

Introduction Today we’ll begin the process of compromising one of Vulnhub’s latest VMs, “TrollCave”. The author, David Yates, says that this VM is attempting to be as realistic as possible, AKA straying from the usual contrived scenarios which pop up in some CTFs (port knocking, MP3 file waveform analysis etc.) The author has also stressed

SickOs: 1.2 Boot to Root VM Walkthrough

Introduction Today I’ll be compromising the SickOs: 1.2 VM hosted by Vulnhub and created by @D4rk36. This was an obscure and fairly tough VM with a teensy tiny foothold-vulnerability that I’d not previously come across! NMap #1 Tiny attack surface. Old SSH server and a lighttpd HTTP server. Incidentally this version is apparently broken with a

VulnOS: 2 Boot to Root VM Walkthrough

Introduction Today I’ll be documenting how to fully compromise the VulnOS: 2 VM, created by @c4b3rw0lf. This was a tough VM, centred around a Joomla web app. This was of particular interest to me as I’d never attempted to compromise a Joomla app prior to this VM. Onwards!

Vulnhub: HackLAB: Vulnix Boot2Root VM

Introduction Today I’ll be writing up the method I used to compromise the excellent Vulnix VM hosted by Vulnhub, created by @oshearing. This one was quite difficult and took a good few hours for me to work out what needed to happen to compromise it, but I got to use some fun new tools and

Vulnhub: Mr. Robot Boot2Root VM

Introduction Today I’ll be documenting my method for compromising the Mr. Robot VM created by @Sho_Luv and hosted by Vulnhub. This is a mini CTF with 3 “flags” to capture, Vulnhub touts this as being “beginner / intermediate”. Let’s get to it! NMap NMap reports that the following TCP ports are listening on the box –

Exploit Exercises: Protostar: Stack 7

Introduction This time we’ll be covering how to compromise Stack 7 from the Protostar VM from Exploit Exercises. The last couple of write ups have been.. lengthy.. But this one will be slightly shorter, as a lot of the techniques are similar to the last write up – with only a slight tweak. This exercise suggests

Exploit Exercises: Protostar: Stack 6

Introduction This time we’re going to compromise Stack 6 from the Exploit Exercises Protostar VM. The description of this challenge states that it can be solved a few ways – 1) Finding the payload duplicate 2) The ret2libc method 3) Using ROP. We’re going to use method 2, using this excellent PDF as our guiding light. Onwards! The

Exploit Exercises: Protostar: Stack 5

Introduction Continuing with the Protostar VM for a bit longer, today I’ll be demonstrating how to solve “Stack 5”. Stack 5 has a teensy, tiny attack surface – it’s essentially two lines long. A buffer overflow in the buffer variable and…nothing else. Which means it’s our first time using shellcode! The Vulnerability The vulnerability here

Exploit Exercises: Protostar Setup & Stack 0-4

Introduction In a break from my regularly scheduled penetration test / boot to root write ups I’m going to document how to complete a couple of the exercises from the Protostar VM from Exploit Exercises – normal boot-to-root service will resume shortly. 🙂 Setup If you’re reading this then you’re probably already experienced enough to spin