Summary

Passage is a medium-rated Linux machine created by ChefByzen. Initial foothold is gained by exploiting a vulnerable version of CuteNews PHP. User compromise is performed by finding encoded files and cracking a SHA256 password hash. Movement to another user was done by simply authenticating through SSH on localhost. …

Summary

Doctor is an easy Linux box created by egotisticalSW. Initial foothold is discovered by fuzzing the ‘New Message’ form in the Doctor Secure Messaging page. A reverse shell can be spawned by performing Server Side Template Injection. Lateral movement to user ‘shaun’ is done by finding his password in a…

Summary

OpenKeyS is a medium-rated OpenBSD machine created by polarbearer & GibParadox. Initial foothold can be obtained by discovering an authentication bypass on the HTTP service. User access is gained by adding a username cookie for a discovered user, ‘jennifer’, along with the exploitation of the authentication bypass to snatch an…

Summary

Unbalanced is a hard-rated Windows machine created by polarbearer & GibParadox. Initial foothold is discovered by downloading encrypted configuration files from the RSync service running on port 873. Hostnames are found in the Squid configuration file after decrypting the files with EncFS. Boolean-based SQL Injection is performed to gather user…

Summary

SneakyMailer is a medium-rated Linux machine created by sulcud. Initial foothold is discovered by performing a social engineering attack to get a user to hand over his credentials for the Internet Message Access Protocol (IMAP) service. Access to the FTP server is gained after finding credentials in one of the emails in…

Summary

Buff is an easy-rated Windows machine created by egotisticalSW. User access is gained by exploiting a Remote Code Execution (RCE) vulnerability on Gym Management Software 1.0. Administrative privileges were obtained by exploiting a buffer overflow vulnerability on CloudMe 1.11.2.

Reconnaissance

Nmap scan only shows port 8080 (http) open.

Summary

Tabby is an easy-rated Linux machine created by egre55. Initial foothold is obtained by discovering Tomcat credentials with the help of Local File Inclusion. Access as tomcat is granted after deploying a WAR file which contains a reverse shell payload to the Tomcat manager text interface. …

Summary

Fuse is a medium-rated Windows machine created by egre55. Initial foothold is gained by discovering an expired password that can be changed in order to get access to SMB shares and RPCClient. A user shell is obtained by enumerating the printer in RPCClient and determining a password used by one…

Summary

Admirer is an easy-rated Linux machine created by polarbearer and GibParadox. Initial foothold focuses on discovering FTP credentials on the web server, which leads to the discovery of files. User access is gained after finding credentials by exploiting a vulnerability in Adminer database. …

y4th0ts

InfoSec n00b who aims to get better every day.
