I've never tried a VulnHub box before. I initially downloaded the Bulldog one but couldn't even work out what its IP address was! LazySysAdmin 1 caught my eye. Apparently created as the author failed his OSCP - my kind of guy and this one seems to pick up DHCP OK so found it on 192.168.3.20 First off some nmapping to see what's there: Initial Enumeration (makes it sound like I have a formal plan, which I don't, but should) root@kali2017-1:~# nmap -sS 192.168.3.20 Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-13 08:22 BST Nmap scan report for 192.168.3.20 Host is up (0.00025s Continue Reading
OverTheWire: Bandit
In search of shorter, easier challenges I came across https://overthewire.org which has various "wargames" on it, the easiest apparently being the Bandit challenge. It looks to be different than proper virtualised networks to hack into but maybe interesting and I should learn some basics that no doubt I'm missing. Bandit Level O The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Continue Reading
Securi-Tay 2017 CTF Walkthrough.
Googling around the web for a CTF (Capture The Flag) project to try my fledgling hacking skills on I found https://maze.pentest-challenge.co.uk/ the easiest one marked "novice" for something called Securi-Tay 2017. Hopefully their definition of "novice" is similar to mine. I call it a "walkthrough" but it's not a guide intended to follow, more of a diary of what I did right and wrong. On booting the CTF virtual machine, it tells us which IP address to target. In my case it's 192.168.3.99. An nmap scan shows only port 80 running Apache/2.4.10 (Debian). Browsing to the provided IP, we Continue Reading
eJPT – a quick review
As a computer admin/engineer working with small businesses I have a moderate level of IT knowledge, mostly in the Windows operating systems, common software and basic networking. Comparing the various computer security certifications, especially the penetration testing ones, I was looking for something that was practical and would suit my level of computer knowledge. I've done various Microsoft exams in Servers, Workstation OS's, networking etc and have been a bit disappointed in how easy to cram they are - I always studied the books and set up labs and actually practiced it but you can pass Continue Reading