Offensive Security – Proving Grounds – ZenPhoto Write-up – No Metasploit

Offensive Security’s ZenPhoto is a Linux machine within their Proving Grounds – Practice section of the lab. This machine is rated intermediate by both Offensive Security and the community. I feel that rating is accurate. Keep in mind that the IP will change throughout the screenshots and CLI output due to working on the box …

Offensive Security – Proving Grounds – Jacko Write-up – No Metasploit

Jacko from Offensive Security is a Windows box with a difficulty rating of intermediate. This box included a simple path to RCE with a tricky foothold and privilege escalation. I end up going down a few rabbit holes at each stage. Let's get started with some recon. Reconnaissance: NMAP scan running all scripts, determine services/version …

Offensive Security – Proving Grounds – Banzai Write-up – No Metasploit

Banzai from Offensive Security was released on August 3rd, 2020. This machine is a Linux machine with the difficulty rating of intermediate. The flavor text provided with the VM is “You should be careful around raptors – they are dangerous!”. Even after rooting the box, this doesn’t make sense to me. Maybe I took an …

Offensive Security – Proving Grounds – Nibbles Write-up – No Metasploit

Nibbles from Offensive Security is a great example of getting root on a box by just “Living off The Land”. This boot to root includes no exploitation scripts and shows the importance of hardening systems before deploying to production. Now, on to the hacking. Reconnaissance: We start off with a basic nmap scan. First, let's …

SANS Holiday Hack Challenge 2020 Write-up – Featuring KringleCon 3: French Hens

Welcome to my write-up for the 2020 SANS Holiday Hack Challenge. This event includes 12 primary objectives and many “side missions” that will test your skills over many security topics. This is the third year SANS has hosted the event. The main page for the event can be found here. After registering, you are dropped …

Offensive Security – Proving Grounds – Metallus Write-up – No Metasploit

Offensive Security has released an easy box offered in the practice section of the Proving Grounds. This Windows box is named Metallus. Let's see if we can get root on this one. Reconnaissance: Starting with some initial enumeration. Nmap scan -Pn to ignore ping check, -sV to check versions, -sC to run all scripts, and …

Offensive Security – Proving Grounds – ClamAV Write-up – No Metasploit

ClamAV is a machine available in the Practice area of the Offensive Security Proving Grounds. This box's difficulty is easy. Let's dive in and take a look. Reconnaissance: Starting with an nmap scan enabling all scripts, detecting versions, and outputting all formats to files starting with the string “simple”. Weaponization and Delivery: So using this …

Offensive Security – Proving Grounds – Internal Write-up – No Metasploit

Internal is a machine available in the Practice area of the Offensive Security Proving Grounds. This machine was super easy, so I will be focusing on manual exploitation and solid enumeration. Reconnaissance: Let's start with some basic enumeration. Here we immediately see our target is “Windows Server (R) 2008 Standard 6001 Service Pack 1”. We …

Offensive Security – Proving Grounds – Bratarina Write-up – No Metasploit

Offensive Security has recently released a new platform for testing your technical skills called the Proving Grounds. This service comes shortly after Offensive Security acquired VulnHub. Within the Proving Grounds you have a choice to hack the “Play” machines for free, or pay the monthly subscription to get access to Offensive Security-created machines. I …

OSCP Buffer Overflow write-up from TryHackMe

TryHackMe recently released a free room created by Tib3rius on the tryhackme.com site for anyone wanting to learn more about exploiting buffer overflows. The room includes a machine that can be deployed with the vulnerable app and the primary needed tool: Immunity Debugger. All exploitation in this write-up is performed remotely using Kali …