linux

As this machine is still active, the following content is protected Javascript needs to be enabled to decrypt content Recon to foothold We’ll start with masscan rob:Meta/ $ sudo masscan -p1-65535,U:1-65535 10.129.100.45 --rate=1000 -e tun0 Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-23 17:19:18 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 22/tcp on 10.129.100.45 Discovered open port 80/tcp on 10.129.100.45 And now nmap for more detail on our found ports...

Very clever box, lured me into thinking I had the solution but pulled a switcheroo! Also I’ve left in a typo that caused hours of confusion, always be aware of not getting in your own way! Privesc was a clever wrinkle on a pretty common technique. Overall a really enjoyable challenge

A good fun box, pretty stragithforward and at a good level for an easy-rated machine. Clever escalations needing a good bit of research, excellent!

Recon to foothold Let’s begin with a scan, first masscan rob:~/ $ sudo masscan -p1-65535,U:1-65535 10.10.34.135 --rate=1000 -e tun0 Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-15 21:04:27 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 8080/tcp on 10.10.34.135 Discovered open port 501/tcp on 10.10.34.135 Discovered open port 8000/tcp on 10.10.34.135 Discovered open port 21/tcp on 10.10.34.135 Discovered open port 80/tcp on 10.10.34.135 Discovered open port 22/tcp on 10....

A good fun box, imho though it’s pretty much all the way over to medium, not easy as rated. User is pretty straightfoward with thorough enumeration but the privesc to root is more than beginner level for sure, took a bit of thinking and trial and error!

A rated easy box, made harder if you’re not familiar with the app/port in question, at least that’s my excuse for struggling a bit! Root was clever, simpler than I made it, rewarding RTFM :smile: