Offensive Security – Proving Grounds – ZenPhoto Write-up – No Metasploit

Offensive Security’s ZenPhoto is a Linux machine within their Proving Grounds – Practice section of the lab. This machine is rated intermediate from both Offensive Security and the community. I feel that rating is accurate. Keep in mind that the IP will change throughout the screenshots and cli output due to working on the box …

Offensive Security – Proving Grounds – Jacko Write-up – No Metasploit

Jacko from Offensive Security is a Windows box with a difficulty rating of intermediate. This box included a simple path to RCE with a tricky foothold and privilege escalation. I end up going down a few rabbit holes at each stage. Lets get started with some recon. Reconnaissance NMAP scan running all scripts, determine services/version …

Offensive Security – Proving Grounds – Banzai Write-up – No Metasploit

Banzai from Offensive Security was released on August 3rd, 2020. This machine is a Linux machine with the difficulty rating of intermediate. The flavor text provided with the VM is “You should be careful around raptors – they are dangerous!”. Even after rooting the box, this doesn’t make sense to me. Maybe I took an …

Offensive Security – Proving Grounds – Nibbles Write-up – No Metasploit

Nibbles from Offensive Security is a great example of getting root on a box by just “Living off The Land”. This boot to root includes no exploitation scripts and shows the importance of hardening systems before deploying to production. Now, on to the hacking. Reconnaissance We start off with a basic nmap scan. First, lets …

Offensive Security – Proving Grounds – Metallus Write-up – No Metasploit

Offensive security has released an easy box offered in the practice section of the Proving Grounds. This Windows box is named Metallus. Lets see if we can get root on this one. Reconnaissance Starting with some initial enumeration. Nmap scan -Pn to ignore ping check, -sV to check versions, -sC to run all scripts, and …

Offensive Security – Proving Grounds – ClamAV Write-up – No Metasploit

ClamAV is a machine available in the Practice area of the Offensive Security Proving Grounds. This box difficulty is easy. Lets dive in and take a look. Reconnaissance Starting with a nmap scan enabling all scripts, detecting versions, and output all formats to files starting with the string “simple”. Weaponization and Delivery So using this …

Offensive Security – Proving Grounds – Internal Write-up – No Metasploit

Internal is a machine available in the Practice area of the Offensive Security Proving Grounds. This machine was super easy, so I will be focusing on manual exploitation and solid enumeration. Reconnaissance Lets start with some basic enumeration. Here we immediately see our target is “Windows Server (R) 2008 Standard 6001 Service Pack 1”. We …

OSCP-Voucher-Giveaway-VM – LXC/LXD method – Write-up

Offensive Security Community Manager Tjnull offered up a voucher for the OSCP PWK. For a chance to win the OSCP voucher, participants must download a VM from VulnHub, get root permissions on the VM, and submit the flag to a user in Discord. VulnHubLink: https://www.vulnhub.com/entry/infosec-prep-oscp,508/ Lets dig in an see what we can find. Reconnaissance …