As this machine is still active, the following content is protected
Javascript needs to be enabled to decrypt content Recon to foothold We’ll start with masscan
rob:Meta/ $ sudo masscan -p1-65535,U:1-65535 10.129.100.45 --rate=1000 -e tun0 Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-23 17:19:18 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 22/tcp on 10.129.100.45 Discovered open port 80/tcp on 10.129.100.45 And now nmap for more detail on our found ports...
Timing
Very clever box, lured me into thinking I had the solution but pulled a switcheroo! Also I’ve left in a typo that caused hours of confusion, always be aware of not getting in your own way! Privesc was a clever wrinkle on a pretty common technique. Overall a really enjoyable challenge
Pandora
A good fun box, pretty stragithforward and at a good level for an easy-rated machine. Clever escalations needing a good bit of research, excellent!
Driver
As this machine is still active, the following content is protected
Javascript needs to be enabled to decrypt content Recon to Foothold We’ll kick of with a masscan to find all open hosts
rob:Driver/ $ sudo masscan -p1-65535,U:1-65535 10.10.11.106 --rate=1000 -e tun0 Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-12-23 21:04:55 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 80/tcp on 10.10.11.106 Discovered open port 445/tcp on 10....
Secret
A good fun box, imho though it’s pretty much all the way over to medium, not easy as rated. User is pretty straightfoward with thorough enumeration but the privesc to root is more than beginner level for sure, took a bit of thinking and trial and error!
Backdoor
A rated easy box, made harder if you’re not familiar with the app/port in question, at least that’s my excuse for struggling a bit! Root was clever, simpler than I made it, rewarding RTFM :smile: