Backdoor

A rated easy box, made harder if you’re not familiar with the app/port in question, at least that’s my excuse for struggling a bit! Root was clever, simpler than I made it, rewarding RTFM :smile:

December 20, 2021 · 15 min · allFun

Horizontall

A fun box, it took me an embarassing amount of time to get the privesc to root working, despite knowing exactly what I needed to do! A box that rewards good thorough enumeration

December 19, 2021 · 14 min · allFun

ContainMe

Recon to foothold We’ll start with a comprehensive scan rob:ContainMe/ $ sudo masscan -p1-65535,U:1-65535 10.10.235.206 --rate=1000 -e tun0 [sudo] password for rob: Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-11-19 14:32:46 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 2222/tcp on 10.10.235.206 Discovered open port 8022/tcp on 10.10.235.206 Discovered open port 22/tcp on 10.10.235.206 Discovered open port 80/tcp on 10.10.235.206 And now an nmap for the found ports...

November 19, 2021 · 9 min · allFun

Temple

Another good box, perhaps more of a medium level than hard. Initial foothold needs long patient enumeration, wordlist choice is pretty key

November 18, 2021 · 10 min · allFun

Zeno

A good box that rewards thorough enumeration, medium level is about right although privesc to root is pretty simple

November 2, 2021 · 10 min · allFun

Uranium CTF

Recon to foothold We are given an employee’s Twitter account, hakanbey, so let’s start there and look for potentially useful snippets We get a hostname to add to /etc/hosts We find an invitation to send an XSS or similar attack That’s about all we can extract from the Twitter account, let’s have a look at the deployed machine now, starting as always with a scan...

September 29, 2021 · 12 min · allFun