As this machine is still active, the following content is protected
Javascript needs to be enabled to decrypt content Recon to foothold We’ll start with masscan
rob:Meta/ $ sudo masscan -p1-65535,U:1-65535 10.129.100.45 --rate=1000 -e tun0 Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-23 17:19:18 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 22/tcp on 10.129.100.45 Discovered open port 80/tcp on 10.129.100.45 And now nmap for more detail on our found ports...
Timing
Very clever box, lured me into thinking I had the solution but pulled a switcheroo! Also I’ve left in a typo that caused hours of confusion, always be aware of not getting in your own way! Privesc was a clever wrinkle on a pretty common technique. Overall a really enjoyable challenge
Pandora
A good fun box, pretty stragithforward and at a good level for an easy-rated machine. Clever escalations needing a good bit of research, excellent!
Hamlet
Recon to foothold Let’s begin with a scan, first masscan
rob:~/ $ sudo masscan -p1-65535,U:1-65535 10.10.34.135 --rate=1000 -e tun0 Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-15 21:04:27 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 8080/tcp on 10.10.34.135 Discovered open port 501/tcp on 10.10.34.135 Discovered open port 8000/tcp on 10.10.34.135 Discovered open port 21/tcp on 10.10.34.135 Discovered open port 80/tcp on 10.10.34.135 Discovered open port 22/tcp on 10....
Driver
As this machine is still active, the following content is protected
Javascript needs to be enabled to decrypt content Recon to Foothold We’ll kick of with a masscan to find all open hosts
rob:Driver/ $ sudo masscan -p1-65535,U:1-65535 10.10.11.106 --rate=1000 -e tun0 Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-12-23 21:04:55 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 80/tcp on 10.10.11.106 Discovered open port 445/tcp on 10....
Secret
A good fun box, imho though it’s pretty much all the way over to medium, not easy as rated. User is pretty straightfoward with thorough enumeration but the privesc to root is more than beginner level for sure, took a bit of thinking and trial and error!