Horizontall

A fun box, it took me an embarassing amount of time to get the privesc to root working, despite knowing exactly what I needed to do! A box that rewards good thorough enumeration

December 19, 2021 · 14 min · allFun

ContainMe

Recon to foothold We’ll start with a comprehensive scan rob:ContainMe/ $ sudo masscan -p1-65535,U:1-65535 10.10.235.206 --rate=1000 -e tun0 [sudo] password for rob: Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-11-19 14:32:46 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 2222/tcp on 10.10.235.206 Discovered open port 8022/tcp on 10.10.235.206 Discovered open port 22/tcp on 10.10.235.206 Discovered open port 80/tcp on 10.10.235.206 And now an nmap for the found ports...

November 19, 2021 · 9 min · allFun

Temple

Another good box, perhaps more of a medium level than hard. Initial foothold needs long patient enumeration, wordlist choice is pretty key

November 18, 2021 · 10 min · allFun

Zeno

A good box that rewards thorough enumeration, medium level is about right although privesc to root is pretty simple

November 2, 2021 · 10 min · allFun

Uranium CTF

Recon to foothold We are given an employee’s Twitter account, hakanbey, so let’s start there and look for potentially useful snippets We get a hostname to add to /etc/hosts We find an invitation to send an XSS or similar attack That’s about all we can extract from the Twitter account, let’s have a look at the deployed machine now, starting as always with a scan...

September 29, 2021 · 12 min · allFun

Empline

A fairly easy ‘medium’ box, once the couple of key concepts used are known. Very good CVE to demonstrate and good to read deeper on as a directory traversal example

September 28, 2021 · 10 min · allFun