NeilSec: Security Learning Blog

Pentesting, infosec, hacking, learning.

  • Home
  • Knowledgebase

ch4inrulz 1.0.1 Walkthrough

2018-09-06 by Neil Leave a Comment

Initial Enumeration Having located the VM on 192.168.189.129, we run an nmap scan to see what port action is available: No known vulnerabilities for the services were found. Taking the ports one at a time: 21/ftp anonymous FTP access is allowed: PUT and MKDIR are not allowed: 550 Permission denied Server is anonymous only so no root, or other user, access allowed 22/SSH external ssh appears to be allowed 80/HTTP Website found: Dirb finds files and listable directories: root@kali:~/temp# dirb https://192.168.189.129 ----------------- DIRB v2.22 By The Continue Reading

VulnHub VM: Stapler

2017-11-20 by Neil Leave a Comment

This has turned out to be quite a fun box to attack because it has multiple ways in and supposedly multiple escalation methods too. I prefer this sort of CTF to the ones where they hide passwords in Base64 encoded jpgs in the page source and that sort of thing. This is less of a puzzle/game and more realistic, albeit an unrealistically badly configured security setup. N.B. when I write these up, I write as I'm doing it so it's not a carefully edited walk-through as such but more of a record (for myself) as to what I did, as I did and the thought-processes which I'm hoping to Continue Reading

Kioptrix2014

2017-11-15 by Neil Leave a Comment

I'm intending to start the OSCP course in the nearish future and wanting to give myself the best possible chance of success with it, I'm doing some more CTFs. I found this list of supposedly relevant CTFs: https://medium.com/@a.hilton83/oscp-training-vms-hosted-on-vulnhub-com-22fa061bf6a1 Top of the list is Kioptrix: 2014. Enumeration Booting up the VM you're presented with a bare login page with no info to be gleaned. I've put the machine on a host-only network of 10.0.0.0/24 and I can see the IP it's bound in the info on the boot screen. A basic nmap gives me: root@kali2017-1:~# nmap Continue Reading

LazySysAdmin 1 – revisited

2017-10-13 by Neil 1 Comment

In this post https://neilsec.com/ctf/vulnhub-lazysysadmin-1-ctf-attempt/ I had a crack at the LazySysAdmin VM from VulnHub and found the hidden flag. However it seemed a bit odd/easy to just enumerate some website directories and find a password, whilst ignoring all the Wordpress and myphpadmin bits. So I thought I'd have another look at it to see if there were other ways of rooting the box. Back to Wordpress So going back to the Wordpress site, I had a go at the login page using the credentials. WPSCAN had earlier told us that Admin was a valid username and so I tried the database Continue Reading

Next Page »

About Me

I’m currently a systems admin / consultant at a IT firm who looks after the computer systems of small businesses in the UK. IT security is only a part of that job. However I’ve always enjoyed breaking into, getting around, subverting and otherwise hacking things, systems and ideas. In tackling some low-level IT security tasks I reignited my interest in the field and this blog charts my progress in the world of Computer Security, legal Hacking, Penetration Testing, Infosec – whatever you want to call it. As a Windows guy I’m learning about Linux, shell-scripting, python and all the other skills needed in this field.

Tags

Apache Boot-to-Root CTF curl dib Dirbuster FreeBSD Hack The Box Linux mysql NFS Penetration Testing PHP RCE shell VulnHub Wordpress

Categories

© 2022 · NeilSec;