Welcome to a blog by allFun

Over a couple of decades in Telecoms and IT, in a wide variety of roles, having both management experience and familiarity with the underlying technology has been really valuable

Many of my roles have included security as a critical element, but less and less focused on the technical details as time went by. So about mid-2020 I decided to resharpen my technical skills, with cybersecurity in focus. More about me in the ‘whoami’ section above

This blog contains writeups for challenge boxes, notes on techniques & tools and general thoughts. All these thoughts are my own, I couldn’t give them away!

Enjoy, I hope someone finds it useful, maybe say hi on twitter if you did 😄

Meta

As this machine is still active, the following content is protected Javascript needs to be enabled to decrypt content Recon to foothold We’ll start with masscan rob:Meta/ $ sudo masscan -p1-65535,U:1-65535 10.129.100.45 --rate=1000 -e tun0 Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-23 17:19:18 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 22/tcp on 10.129.100.45 Discovered open port 80/tcp on 10.129.100.45 And now nmap for more detail on our found ports...

January 23, 2022 · 15 min · allFun

Timing

Very clever box, lured me into thinking I had the solution but pulled a switcheroo! Also I’ve left in a typo that caused hours of confusion, always be aware of not getting in your own way! Privesc was a clever wrinkle on a pretty common technique. Overall a really enjoyable challenge

January 21, 2022 · 21 min · allFun

Pandora

A good fun box, pretty stragithforward and at a good level for an easy-rated machine. Clever escalations needing a good bit of research, excellent!

January 17, 2022 · 13 min · allFun

Hamlet

Recon to foothold Let’s begin with a scan, first masscan rob:~/ $ sudo masscan -p1-65535,U:1-65535 10.10.34.135 --rate=1000 -e tun0 Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-15 21:04:27 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 8080/tcp on 10.10.34.135 Discovered open port 501/tcp on 10.10.34.135 Discovered open port 8000/tcp on 10.10.34.135 Discovered open port 21/tcp on 10.10.34.135 Discovered open port 80/tcp on 10.10.34.135 Discovered open port 22/tcp on 10....

January 15, 2022 · 21 min · allFun

Driver

As this machine is still active, the following content is protected Javascript needs to be enabled to decrypt content Recon to Foothold We’ll kick of with a masscan to find all open hosts rob:Driver/ $ sudo masscan -p1-65535,U:1-65535 10.10.11.106 --rate=1000 -e tun0 Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-12-23 21:04:55 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 80/tcp on 10.10.11.106 Discovered open port 445/tcp on 10....

December 21, 2021 · 19 min · allFun

Secret

A good fun box, imho though it’s pretty much all the way over to medium, not easy as rated. User is pretty straightfoward with thorough enumeration but the privesc to root is more than beginner level for sure, took a bit of thinking and trial and error!

December 21, 2021 · 25 min · allFun