Kringlecon 2: Turtle Doves, what an experience! I beat my head on some of these challenges for hours & days, and now that it’s all over, I find myself wanting more! So… I decided to put together a guide for those that either did not finish, or wanted another perspective on the challenges. Here’s a …
Category: Article/Write-ups
DC 26 AND!XOR’s B.E.N.D.E.R. Write-Up So Far… (Still missing EAST -_-)
AND!XOR B.E.N.D.E.R. Write-Up Wow.. this was a draft for my site for over a year… Might as well post it! 🙂 The AND!XOR B.E.N.D.E.R. game ended this past weekend, which means no prizes for completion. I’ve put a number of hours into the game, collaborated with strangers and coworkers and learned various infosec skills. I …
#badgelife for DefCon26
It’s been a while since I posted to the blog. I presented my purple team training to my coworkers. I thought things went ok. I ran into some hiccups, but it was a good practice run. I took some good notes, and plan to host another session in the future. Other than web app scans at …
Fristileaks Walkthrough
Started the box with a netdiscover; we have an IP of 192.168.0.139. Then an nmap scan: nmap -sV -Pn -vv -T4 -A -p- scan_ip --script=auth,brute,discovery,exploit,vuln -oN $ip/$ip_.nmap.scan Nmap only found 1 open TCP port: 80, with a default dir. I browsed to the webpage, but didn’t find anything of interest. Then checked the robots.txt. I …
VulnOSv2 Walkthrough
I started this box with a netdiscover scan, revealing it had an IP of 192.168.0.138. Nmap scan found some open ports: SSH, Webserver with a root dir, Port 6667. Went to the website to reveal, how nice 🙂 After clicking on the link, it takes me to the web app. I browsed around the site, …
Kioptrix VM3
Started the host with a netdiscover scan. Found some open ports: SSH, HTTP. Found some login pages. I browsed to the web port to find a web app: I clicked through the pages, then got to the login page. Let’s take a step back and see if there are any associated vulnerabilities with the lotuscms application. I found some …
Kioptrix2014- Walkthrough
I started this box with a netdiscover. nmap scan found some ports. I browsed to port 80 to find: Checking the page source gives us our next clue. Let’s browse to “pChart2.1.3…” I then looked up exploits associated with pchart. In the first link, I followed the directory traversal vuln instructions and received an output of …
Stapler Walkthrough
I started the box with a netdiscover scan: netdiscover -r 192.168.0.0/24 The VM picked up an IP address of 192.168.0.134. Let’s scan it with nmap: nmap -sV -Pn -vv -T4 -A -p- 192.168.0.134 --script=auth,brute,discovery,exploit,vuln -oN 192.168.0.134nmap.scan Found some open ports: FTP & SSH, TCP DNS, Webserver, Mysql with an interesting banner, and another webserver. SMB enum found a couple shares …
Pwn_init Walkthrough
First I ran netdiscover -r 192.168.0.0/24 Then an nmap scan: nmap -sV -Pn -vv -T4 -A -p- 192.168.0.133 --script=auth,brute,discovery,exploit,vuln -oN 192.168.0.133nmap.scan Found a few open ports: info about the HTTP server, looks like we found a login form and some additional pages to try. RPC info. MYSQL info, looks like we got blocked from connecting to …
Web App Pentesting- File Include & Post Exploitation
File Include & Post Exploitation