NeilSec: Security Learning Blog

Pentesting, infosec, hacking, learning.


LazySysAdmin 1 – revisited

2017-10-13 by Neil 1 Comment

In this post https://neilsec.com/ctf/vulnhub-lazysysadmin-1-ctf-attempt/ I had a crack at the LazySysAdmin VM from VulnHub and found the hidden flag. However, it seemed a bit odd/easy to just enumerate some website directories and find a password, whilst ignoring all the Wordpress and myphpadmin bits. So I thought I'd have another look at it to see if there were other ways of rooting the box.

Back to Wordpress

So going back to the Wordpress site, I had a go at the login page using the credentials. WPSCAN had earlier told us that Admin was a valid username and so I tried the database

Vulnhub: LazySysAdmin 1 – CTF attempt

2017-10-13 by Neil Leave a Comment

I've never tried a VulnHub box before. I initially downloaded the Bulldog one but couldn't even work out what its IP address was! LazySysAdmin 1 caught my eye. Apparently created as the author failed his OSCP - my kind of guy - and this one seems to pick up DHCP OK, so found it on 192.168.3.20.

First off, some nmapping to see what's there:

Initial Enumeration (makes it sound like I have a formal plan, which I don't, but should)

root@kali2017-1:~# nmap -sS 192.168.3.20
Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-13 08:22 BST
Nmap scan report for 192.168.3.20
Host is up (0.00025s

Securi-Tay 2017 CTF Walkthrough.

2017-09-11 by Neil Leave a Comment

Googling around the web for a CTF (Capture The Flag) project to try my fledgling hacking skills on, I found https://maze.pentest-challenge.co.uk/, the easiest one marked "novice" for something called Securi-Tay 2017. Hopefully their definition of "novice" is similar to mine. I call it a "walkthrough" but it's not a guide intended to follow, more of a diary of what I did right and wrong.

On booting the CTF virtual machine, it tells us which IP address to target. In my case it's 192.168.3.99. An nmap scan shows only port 80 running Apache/2.4.10 (Debian). Browsing to the provided IP, we


About Me

I’m currently a systems admin / consultant at an IT firm that looks after the computer systems of small businesses in the UK. IT security is only a part of that job. However, I’ve always enjoyed breaking into, getting around, subverting and otherwise hacking things, systems and ideas. In tackling some low-level IT security tasks I reignited my interest in the field, and this blog charts my progress in the world of Computer Security, legal Hacking, Penetration Testing, Infosec – whatever you want to call it. As a Windows guy I’m learning about Linux, shell-scripting, Python and all the other skills needed in this field.


© 2023 · NeilSec