"The only true wisdom is in knowing you know nothing." - Socrates
It’s been a while this is my first post of 2020. Symfonos is a begginer series of real-life like challenges from Vulnhub created by Zayotic. In this machine a user will learn how to enumerate web application to find local file inclusion vulnerability. Using the discovered vulnerability to enumerate files and obtain ldap credentials, working with ldap to obtain credentials to get into the machine. Finally a user will learn about privilege escalation method using dkpg binary with sudo privileges.
Me and My Girlfriend is a beginner level VM created by TW1C3 on vulnhub. It is truly beginner friendly but fun at the same time. One gets to practice enumeration, web application vulnerabilities and simple privilege escalation. I think this is a good beggining point for some of the people studying for OSCP.
LiterallyVulnerable is yet another CTF-style box from VulnHub which calls for enumeration and code injection. Rated easy and so it was.
Djinn is a vulnerable CTF style machine from Hack the Box. It’s supposed to be Beginner-Intermediate level. The point of the challenge is to get user and root flags. This machine presents different privilege escalation vectors, and definitely teaches you some unconventional new stuff.
Connect The Dots is a CTF style challenge from Vulnhub created by Sumit Verma. This box main objective seems to be thorough enumeration, connecting various hints given throughout the process. Although the difficulty level was listed as Beginner and Intermediate level, I would say it was closer to Intermediate.
Writeup is a vulnerable machine from [HackTheBox]. Write up is rated as an easy box, which is supposed to be close to real-life scenario. In this machine one gets to practice enumeration, exploits and $PATH hijacking.
A little manual with essentials for OSCP preparation. These are some of the resources I used and noted while preparing for OSCP. I hope this helps some of you on your journey
Tr0ll is a CTF style system from vulnhub.com created by Maleus. The enumeration is key in this one. There is a lot of trolling and hints in every troll. As they say, there’s grain of truth in every joke.
Prime: 1 is a vulnerable box from vulnhub.com created by Suraj Pandey. The machine is an OSCP style challenge with a little flavor of CTF. It encourages you to practice your enumeration skills and through enumerationg hint after hint is given towards the next stage. This box is vulnerable for Local File Inclusion, Remote Code Execution and vulnerable SUID binary.
Symphonos2 is a vunlerable system from vulnhub.com created by Zayotic. The difficulty level of this box is intermediate. The goal is to get administrative priviliges on the sytem. This system is vulnerable to poorly configured SMB share, LibreNMS addhost Command Injection and SQL database running with administrative privileges and is accessible to non privileged user.
Stapler is a begginer/intermedite level vunlerable system from vulnhub.com created by g0tmi1k. The goal is to get administrative priviliges on the sytem. This system is vulnerable to Local File Inclusion vulnerability found in the WordPress’ Plugin and administrative user’s password is stored in a file with weak permissions.
This is the final level in Kioptrix Series. If you have completed all levels, you must’ve had as much fun as I did on this journey. This machine was a bit different from the previous one, as it was FreeBSD. Low privilige challenges were a little different and required a little more enumeration in my opinion. Kioptrix Level 5 is vulnerable to Local File Inclusion aka Directory Traversal, Remote Code Execution and Kernel Privilege Escalation.
Kioptrix level 4 is second penetration testing challenge from Kioptrix series. This particular machine is vulnerable to SQL Injection, Plaintext Credentials stored on the vulnerable app, SQL Credentials stored in plaintext and MySQL with User-Defined Function cabapilities running with administrative priviliges.
Kioptrix level 3 is yet another penetration testing challenge from Kioptrix series. This particular machine is vulnerable to Remote Command Execution (RCE), SQL Credentials stored in plaintext, weak passwords and a text editor running with administrative credentials.
Although the principal is the same, Kioptrix level 2 provides a different set of challenges from level one. Whereas level one had vulnerable mod_ssl version and kernel exploit, level 2 (1.1) is vulnerable to SQL Injection, command execution and different kernel exploit.
Kioptrix is a series of vulnerable machines hosted on Vulnhub. Each machine provides a different security challenge than the previous one and each machine (level) gets harder. Kioptrix series make perfect targets to practice enumeration, identify vulnerabilities, research exploits available thus sharpening your pentesting skills. This particular level involves a web vulnerability and a kernel vulnerability.