Vulnhub virtual machine; OSCP prep box and a change of pace. This box required to execution of multiple binaries that lead to root. Great information to have worked through.
Vulnhub virtual machine; OSCP prep box, classic linux box which began with some filtered SQLi and workarounds. The usage of proxychains came in to redirect our connection to target host. Escalation was interesting and getting a full shell even more so.
Vulnhub virtual machine; OSCP prep box, tv-show themed box that offered traning on basic enumeration along with wpscan brute forcing which led to remote code execution. Upgrading via enumeration of kernel exploits left empty hands but pivoting to another user and getting “interactive” led us to root.
Vulnhub virtual machine; OSCP prep box, a windows box with a very well known vulnerability that leads to system level access. Setup of box takes longer then actual exploitation (metasploit used).
Vulnhub virtual machine; OSCP prep box, classic boot the root box which enumeration leads to a blog page that is suseptiable to pretty serious vulnerability that leads to the foothold of the box. Priv-esc was trickery as in the end the simplest solutions are the hardest to figure out - added secondary priv-esc.
Vulnhub virtual machine; OSCP Buffer-Overflow prep. “Where we’re going we don’t need roads”. This box is a perfect test of skills in regards to buffer-overflows and you will work on crafting an overflow that leads to a reverse shell. The escalation of box stems from a pivot via a manual.
Vulnhub virtual machine; OSCP prep box, included a webserver enumeration of OPTIONS which led to a PUT upload of reverse shell. Priv-escalation required a pivot through chkrootkit and a reverse shell executed by crontab.
Vulnhub virtual machine; OSCP prep box, and a very interesting one indeed. This box included a few hints and clues sprinkled around a web application which then pivoted to multiple user escalations along side decryption of cipher-text which led to eventual root.
Vulnhub virtual machine; another OSCP prep box. Which offered a wide scope of pentesting techniques to include Wordpress LFI with exploit modification to exclude SSL checking, MySQL RCE path that enabled the ability for a reverse shell and a custom find script that parsed .bash_history. Preparing for battle never felt so good.
Vulnhub virtual machine; On the path to OSCP this box offered enumeration of services with enum4linux and credential extraction via SQL-i. The main escalation occurs from within MySQL through manipulating the sys_exec function. This was a well rounded crafted box.