
Hack The Planet

Like a lot of people I am starting off my OSCP prep by running through TJnull’s OSCP HTB/Vulnhub VM list and doing each box without Metasploit. The fourth Linux box in the list is Mirai.

This machine is the namesake of some IoT malware that caused a stir not too long ago (this turns out to be helpful during research for this box).

Recon

I kicked off my recon process using AutoRecon, as always super helpful and saves a lot of time.

Taking a look at the results we have a couple of interesting ports open:


Like a lot of people I am starting off my OSCP prep by running through TJnull’s OSCP HTB/Vulnhub VM list and doing each box without Metasploit. The third Linux box on the list is Blocky.

Hack The Box Blocky

This was a pretty easy machine; if you have ever exploited WordPress config then gaining a foothold should be easy enough. There is a twist that might be tricky to catch if you have not been burned by it before.

Recon

I kicked off my recon process using AutoRecon, as always super helpful and saves a lot of time.

There is a small number of ports open…


Like a lot of people I am starting off my OSCP prep by running through TJnull’s OSCP HTB/Vulnhub VM list and doing each box without Metasploit. The second box on the list is Beep.

This box was super easy, and the only real difficult thing about it was avoiding going down rabbit holes and chasing your tail!

Recon

I started with my usual recon process, running AutoRecon. Looking at the output, we can see there is a good number of ports open... yay!


Like a lot of people I am starting off my OSCP prep by running through TJnull’s OSCP HTB/Vulnhub VM list and doing each box without Metasploit, starting with Lame.

I have decided to do writeups on each of the retired machines I complete to help reinforce the techniques and processes each box helps develop.

Lame is first in the list and was a pretty easy box to root overall. There are a couple of different ways to root this host; this is just how I obtained root. Let's begin.

Recon

For doing initial recon I use AutoRecon by Tib3rius


For the last couple of weeks I have been ploughing through some of the learning paths on TryHackMe. (Amazing platform I would recommend to anyone interested in Cyber Security, beginners and pros!)

Going through the Web-centred learning paths, there is a bunch of guides and information on how JSON Web Tokens work and the potential vulnerabilities that surround them. This brief article is written as a note to myself and to further help understand the underlying concepts of how they work and simple exploitation scenarios.

What is a JSON Web Token?

JWT (pronounced jot) is pretty much an open standard used to create self-contained…


MaMGF is a beginner-level VM by TW1C3, with a small storyline:

“Description: This VM tells us that there are a couple of lovers namely Alice and Bob, where the couple was originally very romantic, but since Alice worked at a private company, “Ceban Corp”, something has changed from Alice’s attitude towards Bob like something is “hidden”, and Bob asks for your help to get what Alice is hiding and get full access to the company!”

Notes: there are 2 flag files

Learning: Web Application | Simple Privilege Escalation

Step 1: Enumeration

Kicking off a broad nmap scan, we…


Connect the Dots is a beginner to intermediate level VM created by Sumit Verma and can be found here

Objective: get /home/user.txt and /root/root.txt

It has been a while since I have done any CTFs/write-ups so I may be a bit rusty! Be gentle! :)

Step 1: Enumeration

As we all know, there is only one way to begin, a nice verbose nmap scan of the host:

nmap -O -A -sT -sV -p- -T4 192.168.56.105 -vv

This gives us some nice info

We look to have a website hosted on port 80, an ftp service running on 21, rpcbind service…

Barry Malone
