This has turned out to be quite a fun box to attack because it has multiple ways in and supposedly multiple escalation methods too. I prefer this sort of CTF to the ones where they hide passwords in Base64 encoded jpgs in the page source and that sort of thing. This is less of a puzzle/game and more realistic, albeit an unrealistically badly configured security setup. N.B. when I write these up, I write as I'm doing it so it's not a carefully edited walk-through as such but more of a record (for myself) as to what I did, as I did and the thought-processes which I'm hoping to Continue Reading
LazySysAdmin 1 – revisited
In this post https://neilsec.com/ctf/vulnhub-lazysysadmin-1-ctf-attempt/ I had a crack at the LazySysAdmin VM from VulnHub and found the hidden flag. However it seemed a bit odd/easy to just enumerate some website directories and find a password, whilst ignoring all the Wordpress and myphpadmin bits. So I thought I'd have another look at it to see if there were other ways of rooting the box. Back to Wordpress So going back to the Wordpress site, I had a go at the login page using the credentials. WPSCAN had earlier told us that Admin was a valid username and so I tried the database Continue Reading
Vulnhub: LazySysAdmin 1 – CTF attempt
I've never tried a VulnHub box before. I initially downloaded the Bulldog one but couldn't even work out what its IP address was! LazySysAdmin 1 caught my eye. Apparently created as the author failed his OSCP - my kind of guy and this one seems to pick up DHCP OK so found it on 192.168.3.20 First off some nmapping to see what's there: Initial Enumeration (makes it sound like I have a formal plan, which I don't, but should) root@kali2017-1:~# nmap -sS 192.168.3.20 Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-13 08:22 BST Nmap scan report for 192.168.3.20 Host is up (0.00025s Continue Reading
Securi-Tay 2017 CTF Walkthrough.
Googling around the web for a CTF (Capture The Flag) project to try my fledgling hacking skills on I found https://maze.pentest-challenge.co.uk/ the easiest one marked "novice" for something called Securi-Tay 2017. Hopefully their definition of "novice" is similar to mine. I call it a "walkthrough" but it's not a guide intended to follow, more of a diary of what I did right and wrong. On booting the CTF virtual machine, it tells us which IP address to target. In my case it's 192.168.3.99. An nmap scan shows only port 80 running Apache/2.4.10 (Debian). Browsing to the provided IP, we Continue Reading