As this machine is still active, the following content is protected
Recon to foothold
We’ll start with masscan
rob:Meta/ $ sudo masscan -p1-65535,U:1-65535 10.129.100.45 --rate=1000 -e tun0
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-23 17:19:18 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [131070 ports/host]
Discovered open port 22/tcp on 10.129.100.45
Discovered open port 80/tcp on 10.129.100.45
And now nmap for more detail on our found ports...
Timing
Very clever box, lured me into thinking I had the solution but pulled a switcheroo! Also I’ve left in a typo that caused hours of confusion, always be aware of not getting in your own way! Privesc was a clever wrinkle on a pretty common technique. Overall a really enjoyable challenge
Hamlet
Recon to foothold
Let’s begin with a scan, first masscan
rob:~/ $ sudo masscan -p1-65535,U:1-65535 10.10.34.135 --rate=1000 -e tun0
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-15 21:04:27 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [131070 ports/host]
Discovered open port 8080/tcp on 10.10.34.135
Discovered open port 501/tcp on 10.10.34.135
Discovered open port 8000/tcp on 10.10.34.135
Discovered open port 21/tcp on 10.10.34.135
Discovered open port 80/tcp on 10.10.34.135
Discovered open port 22/tcp on 10....
ContainMe
Recon to foothold
We’ll start with a comprehensive scan
rob:ContainMe/ $ sudo masscan -p1-65535,U:1-65535 10.10.235.206 --rate=1000 -e tun0
[sudo] password for rob:
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-11-19 14:32:46 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [131070 ports/host]
Discovered open port 2222/tcp on 10.10.235.206
Discovered open port 8022/tcp on 10.10.235.206
Discovered open port 22/tcp on 10.10.235.206
Discovered open port 80/tcp on 10.10.235.206
And now an nmap for the found ports...
Zeno
A good box that rewards thorough enumeration, medium level is about right although privesc to root is pretty simple
Empline
A fairly easy ‘medium’ box, once the couple of key concepts used are known. Very good CVE to demonstrate and good to read deeper on as a directory traversal example