Author: OhExFortyOne

Exploit Exercises: Protostar: Stack 7

Introduction This time we’ll be covering how to compromise Stack 7 from the Protostar VM from Exploit Exercises. The last couple of write ups have been.. lengthy.. But this one will be slightly shorter, as a lot of the techniques are similar to the last write up – with only a slight tweak. This exercise suggests

Exploit Exercises: Protostar: Stack 6

Introduction This time we’re going to compromise Stack 6 from the Exploit Exercises Protostar VM. The description of this challenge states that it can be solved a few ways – (1) Finding the payload duplicate, (2) The ret2libc method, (3) Using ROP. We’re going to use method 2, using this excellent PDF as our guiding light. Onwards! The

Exploit Exercises: Protostar: Stack 5

Introduction Continuing with the Protostar VM for a bit longer, today I’ll be demonstrating how to solve “Stack 5”. Stack 5 has a teensy, tiny attack surface – it’s essentially two lines long. A buffer overflow in the buffer variable and…nothing else. Which means it’s our first time using shellcode! The Vulnerability The vulnerability here

Exploit Exercises: Protostar Setup & Stack 0-4

Introduction In a break from my regularly scheduled penetration test / boot to root write ups I’m going to document how to complete a couple of the exercises from the Protostar VM from Exploit Exercises – normal boot-to-root service will resume shortly. 🙂 Setup If you’re reading this then you’re probably already experienced enough to spin

Vulnhub: PwnLab: Init Boot2Root VM

Introduction Today I’ll be compromising the PwnLab: Init VM created by @Chronicoder and hosted with love by Astute / psychic readers will have spotted that I’ve been following this list of VMs recently, as I’m working my way towards attempting the PWK / OSCP. Once this VM is done I’ll move on to the

Vulnhub: Stapler 1 Boot2Root VM

Introduction Today I’ll be documenting the process I followed to compromise the Stapler 1 vulnerable VM created by g0tmi1k and hosted with love by Vulnhub. Really, really enjoyed this box! Lots of fun twists, and I really loved the shenanigans on port 666 🙂 Port Scanning As usual, we kick off with a TCP port scan

Vulnhub: Fristileaks 1.3 Boot2Root VM

  Introduction This box is widely touted as being a good “OSCP prep” box, at the easier end of the difficulty spectrum. This blog post will detail how to achieve full compromise on the VM.   Note to the reader – I had a horrible time getting this to play nice with VirtualBox’s DHCP server,

Vulnhub: USV 2017 Boot2Root VM

Introduction Today we’re going to be taking a look at the “USV: 2017” VM from Vulnhub! This was a super fun CTF, comprised of 5 flags in the format of country:MD5 hash. This CTF had a bit of everything and required some nice creative problem solving to complete! NMap root@kali:~# nmap -sV -sC -p-

Vulnhub: Kioptrix #5 Boot2Root VM

Introduction Today I’ll be demonstrating how to compromise the fifth and final box in the Kioptrix series. This box was amazing – really fun twist with the IDS / httpd config blocking access to port 8080, also my first boot2root based on a FreeBSD system rather than a Linux system (which came with its own

Vulnhub: Kioptrix #4 Boot2Root VM

  Introduction Today I’ll be demonstrating how to compromise the fourth box in the Kioptrix series. This was the first box which stretched me as a fledgling penetration tester, escaping restricted shells and escalating privilege without using a magical Kernel exploit! (because I was too lazy to install missing libraries in Kali so I could