Ch4inrulz Walkthrough

Walkthrough of the Ch4inrulz challenge from vulnhub. Walkthrough A netdiscover finds the machine. Running a basic nmap scan (command: nmap -A -T4 192.168.139.130) against it finds a few things of interest. Key items from the scan: There is a FTP instance running that allows for anonymous login. Anonymous login allows any user to access the service. There is a SSH server running There is a web server running, banner information indicates it belongs to ‘Frank’ with nothing in the robots.txt

Read more

DC-6 Walkthrough

Walkthrough of DC-6 challenge from vulnhub. Initial hints given from reviewing the challenge listing: The name of the host is wordy A password list can be determined using cat /usr/share/wordlists/rockyou.txt | grep k01 > passwords.txt Walkthrough A basic ping sweep finds the machine, throwing a default nmap scan at it finds two ports of interest – SSH (22) & HTTP (80). Of interest in the http headers are the mention of hostname wordy (inline with the initial hint) Wordy added

Read more

BlackMarket: 1 – walkthrough

Walkthrough for BlackMarket: 1 (https://www.vulnhub.com/entry/blackmarket-1,223/) Summary Flags Credentials Walkthrough A basic nmap sweep finds the machine. root@kali:~# nmap -sP 192.168.195.0/24 Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-26 06:13 AEDT Nmap scan report for 192.168.195.211 Host is up (0.00021s latency). Host is up. Nmap done: 256 IP addresses (5 hosts up) scanned in 2.45 seconds Throwing a nmap scan across the box shows up ftp (vsftpd 3.0.2), ssh (OpenSSH 6.6.1p1), web (Apache httpd 2.4.7), along with pop3 & imap (Dovecot)

Read more

Derpnstink: 1 Walkthrough

Walkthrough for the DerpNStink: 1 (https://www.vulnhub.com/entry/derpnstink-1,221/) CTF challenge image. Summary Flags Domains derpnstink.local Credentials Walkthrough A basic nmap ping scan finds the box. Throwing a fuller scan at it finds three services open and some details. [bash] root@kali:~# nmap -A -T4 192.168.195.214 Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-20 14:44 AEDT Nmap scan report for 192.168.195.214 Host is up (0.00080s latency). Not shown: 997 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.2 22/tcp open ssh OpenSSH

Read more

d0not5top: 1.2 – Walkthrough

Overview CTF Challenge attempted –¬†https://www.vulnhub.com/entry/d0not5top-12%2C191/ Walkthrough is incomplete – I’ll update as I go. Tips found from the setup: Initial import attempt of .ova file failed on VMWare Fusion – needed to retry with relaxed conditions Flags found are: Reconnaissance & Scanning First we find the host (extra output removed) root@kali:~/D0Not5top# nmap -sn 192.168.195.0/24 MAC Address: 00:0C:29:EA:52:D0 (VMware) Nmap scan report for 192.168.195.147 Host is up (0.00071s latency). Host is up. root@kali:~/D0Not5top# A quick nmap scan turns up the following:

Read more

DonkeyDocker 1 – Walkthrough

Overview CTF Challenge attempted – https://www.vulnhub.com/entry/donkeydocker-1,189/ Tip I found from the setup – if VMWare offers to upgrade the DonkeyDocker image, don’t do it. I did on mine & it broke the IP connectivity from Kali. This is my first attempt at a CTF, so was an enjoyable learning exercise. I’ve loosely grouped the steps taken below into Reconnaissance & Scanning, Access & Escalation and Exfiltration. Useful things I learnt along the way: Try simple things first before going with

Read more