Duncan del Toro The Ramblings of an InfoSec Professional Asundry InfoSec related topics and walkthroughs

Hack the Box - Zetta

HTB-Zetta

A hard box by jkr. Very cool box overall, really enjoyed both the initial compromise as well as the privesc.

As this box is still active the walkthrough is not available.

root@zetta:/var/lib/postgresql# whoami && hostname
root
zetta

Hack the Box - JSON

HTB-JSON

A medium box by Cyb3rb0b. Oh how I had a hard time with the initial compromise on this one. That being said, while I found it rough it was a great learning experience. Additionally, I found it really useful for studying for my OSWE since it let me do a bit of scripting.

As this box is still active the walkthrough is not available.

meterpreter > sysinfo
Computer        : JSON
OS              : Windows 2012 R2 (6.3 Build 9600).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 1
Meterpreter     : x86/windows
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter >

Hack the Box - Scavenger

HTB-Scavenger

A hard box by ompamo. Really enjoyed this one, enumeration is key here, and many, many different kinds of enumeration will be needed. I really liked how for a hacking challenge it really incorporated non-hacking disciplines into its exploitation. A novel idea!

As this box is still active the walkthrough is not available.

# hostname
ib01
# id
uid=0(root) gid=0(root) groups=0(root),1004(customers)
#

Hack the Box - Control

HTB-Control

A hard box by TRX. Excellent privesc on this one! I had been wanting to do this particular escalation for a while now but had not had the opportunity. The path to user was interesting… but it did feel a little CTF-like to me. Again, enumeration is key here!

As this box is still active the walkthrough is not available.

PS C:\Windows\system32> whoami
nt authority\system
PS C:\Windows\system32> hostname
control

Hack the Box - Bankrobber

HTB-Bankrobber

An insane box by Gioo & Cneeliz. One of my favorites to date. A really, REALLY cool initial exploitation method on this one and a painful but rewarding shell experience. The privesc was fun, although it did feel a bit CTF. That being said this is a great box for OSWE preparation!

As this box is still active the walkthrough is not available.

meterpreter > sysinfo
Computer        : BANKROBBER
OS              : Windows 10 (10.0 Build 14393).
Architecture    : x64
System Language : nl_NL
Domain          : WORKGROUP
Logged On Users : 1
Meterpreter     : x86/windows
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter >

Hack the Box - Sniper

HTB-Sniper

A medium box by MinatoTW & felamos. This one was quite an amusing box, it didn’t really feel all that challenging but it was fun. Path to user was pretty cool, a twist on a classic. Path to root was unique, I really enjoyed that.

As this box is still active the walkthrough is not available.

PS C:\Windows\system32> whoami
sniper\administrator
PS C:\Windows\system32>

Hack the Box - Nest

HTB-Nest

An easy box by VbScrub. This box has a lot to offer in lessons to a newer player. Really enjoyed both the initial compromise down to the privilege escalation. Enumeration is key!

As this box is still active the walkthrough is not available.

C:\Windows\system32>hostname
HTB-NEST

C:\Windows\system32>whoami
nt authority\system

C:\Windows\system32>

Hack the Box - Registry

HTB-Registry

A hard box by thek. I really enjoyed this box, it brings to light some pretty serious vulnerabilities in tools we see on a day-to-day basis. The path to user and root were both excellent and the ability to script most of the interactions really makes this a good box to practice for the OSWE.

As this box is still active the walkthrough is not available.

Hack the Box - Netmon

HTB-netmon

An easy box by mrb3n.

meterpreter > sysinfo
Computer        : NETMON
OS              : Windows 2016+ (10.0 Build 14393).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 0
Meterpreter     : x86/windows
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter >

Hack the Box - Jerry

HTB-jerry

An easy box by mrh4sh. Really simple box in the same vein as Lame, Blue, Grandma/Grandpa. Great for those starting out to attempt.

meterpreter > sysinfo
Computer    : JERRY
OS          : Windows Server 2012 R2 6.3 (amd64)
Meterpreter : java/windows
meterpreter > getuid
Server username: JERRY$
meterpreter >

Hack the Box - Blue

HTB-Blue

An easy box by ch4p. Great for getting to know Metasploit, or practice if you want to find and modify the exploit from exploit-db.com.

meterpreter > sysinfo
Computer        : HARIS-PC
OS              : Windows 7 (6.1 Build 7601, Service Pack 1).
Architecture    : x64
System Language : en_GB
Domain          : WORKGROUP
Logged On Users : 0
Meterpreter     : x64/windows
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter >

Hack The Box

So a team member at work mentioned https://www.hackthebox.eu today, I mistook it for a project I had been following previously called http://root-the-box.com/. But I decided to check it out and was quite pleasantly surprised.

To get an invite to Hack the Box you have to do an entry level attack against their website, while not completely trivial it wasn’t a 10 second deal. After a few minutes working the problem I got my invite code and joined the 4,000 other folks who were attempting to Hack the Box!

I must say, their web interface is AMAZING. The submission of proof files to validate that you got either user or root level access on the system is top notch, as well as the reset/point system. The social aspect is also quite well done. All in all I think their setup is excellent. Considering they work entirely on donations the systems run quite well. They have 20 active boxes currently and are looking to release another box in the near future. While the population of folks is not as controlled as the PWK environment was, it is not bad overall, very nice folks and not toxic at all.

I can see many ways that Offensive Security would benefit from a front-end similar to this for their Lab environments, however I must give praise to Offensive Security in the fact that many, many systems are linked and there is a requirement to pivot between systems to be able to attack systems in networks not directly accessible by the end user. Hack the Box feels very much like a hosted Vulnhub environment which is to say it is quite good and entertaining but not cohesive in its systems.

Overall I can see myself spending many hours on this system, in my short time since joining I feel quite good in having owned 4 systems and 6 users. While I will not dedicate as much time as I did in PWK this looks to be an excellent way to reinforce skills previously learned and provide many more hours of frustration and excitement.

Penetration Testing With Kali (PWK) - OSCP Review

Well, I completed my OSCP lab time in late December and it was a great experience. I had to devote countless hours during the 3-month lab time to completing the exercises as well as attempting to break into as many systems as possible. Overall the training was excellent with the provided materials being very well organized and explained extremely well. I was already well versed with various techniques used in the class, however my experience outside of Metasploit was somewhat limited. The prohibition of using Metasploit modules against most of the exam systems really motivated me to break into all the systems without the aid of Metasploit; I did however use meterpreter to make persistence a bit easier.

Cybrary.it - Post Exploitation Hacking

I completed another quality Cybrary course today. This one was rather brisk, while it had a decent amount of content I found that I already had a good grasp of most of it. That being said, it did provide a good brush up on ways to hide tracks on Linux systems that I did not have good experience with (touch and shell within a shell). Surprisingly it did not cover things in Linux that may or may not work depending on the implementation, such as adding a space prior to commands to have them bypass bash_history. It did have great coverage of wmic which I had not used in the past for information gathering with a pen testing mentality, I suppose it makes a ton of sense as I had used it for administrative information gathering in the past, I guess I had just not made the leap to using it as a red teamer. Good stuff.

Overall I liked it, I do feel it would have fit in the Advanced Pen Testing Course as extra lessons, but separation also works.

Vulnhub - Billy Madison 1.0

So I came across Billy Madison 1.0, a recently published vulnerable system. As I had really enjoyed this author’s previous Tommy Boy 1.0, I decided to have at it. Boy was it fun, but I did run across a few hurdles along the way due to my thinking.

Big thanks to Brian Johnson for making it and helping me waste several hours of my life on it.

Vulnhub - Breach 2.1

An Office Space themed VM Breach 2.1 written by mrb3n, was a continuation on Breach 1.0, which I enjoyed so I downloaded it to continue on.

Vulnhub - Breach 1

An Office Space themed VM Breach 1 written by mrb3n, sounded like a blast, and considering there were 2 in the series it seemed like something worth trying.

Vulnhub - Mr. Robot 1

A Mr. Robot themed VM, aptly named Mr. Robot written by jason, sounded amusing as I quite like the show. So I decided to give it a try.

— Migrating from old Blog —

Vulnhub - Stapler

An Office Space themed VM Stapler written by g0tmi1k, sounded like a bunch of fun. So I decided to give it a try.

Vulnhub - Tommy Boy 1.0

So I came across Tommy Boy 1.0 and I was a fan of the movie and it sounded fun, I decided to give it a go. It was quite fun, really enjoyed it, especially all the trolls in it.

Big thanks to Brian Johnson for making it and helping me waste several hours of my life on it.

Vulnhub - Necromancer

Looking through the more recent VulnHub entries I came across Necromancer written by xerubus, sounded interesting enough so I decided to take a stab at it.

Quite fun, some pretty neat tricks in it.

Cybrary.it - Advanced Penetration Testing

I completed another quality Cybrary course today. This one took me a bit longer than my previous one as it had some good overviews of some tools I did not have a ton of experience with. I also ended up skipping a couple parts that I felt I had a very good understanding of. My overall experience was good, it had some great information. The presenter also did a great job and was obviously quite knowledgeable in the area. However, I am a bit taken aback by calling this Advanced Penetration Testing. That being said I did not take the lower level courses so I may just be biased on this one.

That being said once I got to Exploit Development I adored the course. Exploit Development is something I feel quite weak in so going through that really opened my eyes on how to do many of these stack based exploits. I suppose I was always intimidated by the concepts, but in the end it's really not black magic (to start at least). It really piqued my interest and has gotten me to look for more exploit development training and challenges.

Overall, take it. It's worth it, especially for the price.

Cybrary.it - Web Application Penetration Testing

I completed my first Cybrary course today to brush up on Web Application PenTesting. I ran through it in a couple of hours, and honestly skipped a couple parts that I felt I had a very good understanding of. My overall experience was good, it had tons of good information and I quite liked the presenter. I feel he did a good job at presenting an Introduction to Web Application Testing.

I would recommend this course for anyone starting out in WebApp PenTesting or anyone who has been away from it for a while. I believe it helped me remember my previous training, as well as it introduced me to a couple of other tools that I had not previously been exposed to like sqlsus. I really enjoyed it and plan on doing other trainings from Cybrary in the near future.

Cybrary.it Training

So today I got wind of Cybrary. Pretty neat free InfoSec training (and some other topics as well), something similar to SecurityTube. It had quite a good selection of courses I want to take to brush up on pen testing and improve the skills. So I’ll post some reviews of those as I complete them.

OSCP Training

Woot, so I got approved to take OSCP, so planning on starting that the end of September. That gives me a month to get my feet wet on Exploit Development, since that is a very weak area of mine.

I’m expecting that with my previous trainings, and experiences that I won’t have issues on many parts of it, but I know I’ll have to Try Harder many, many, many times so electing to go with the 90 days of labs option so I can fully exploit everything there is in the Lab Environment before going to the exam.

Vulnhub - SecTalks: BNE0x03 - Simple

Quick little VM Simple CTF written by Robert Winkel, sounded like a good simple one to tackle when brushing up Web App testing.

Short, sweet, and still learned something.

Welcome!

Welcome to my ramblings. Here you will find my thoughts on various Information Security related topics as well as walkthroughs on various vulnerable systems that I enjoyed.

Note: As I recently moved to Github Pages I will be backfilling old posts in the near future.