[writeups] Registry
Creator: thek
OS: Linux
Difficulty: Hard
Points: 40
Reconnaissance
Registry is an Ubuntu host running a private docker registry server guarded by weak credentials. With some enumeration of the service, I was able to locate a certificate that allowed me to pull the docker image and examine the filesystem, which gave me an encrypted SSH key and its password. With the user account, I dug through the SQLite database for the web server and found admin credentials.
[writeups] VirSecCon 2020 Sequelitis
Description: Sequelitis has moved to a new database for keeping track of their customers. Break in.
Points: 100
Recon
When you visit the URL for the challenge, you get a basic search bar. Based on the name of the challenge, I know this is going to be some kind of SQL injection.
When I submit a search request and capture it in BurpSuite, I get a normal looking response with no results.
[writeups] Forest
Creator: egre55 & mrb3n
OS: Windows
Difficulty: Easy
Points: 20
Initial Scan
My initial scan revealed a lot of open ports, and even more with more in-depth scanning. Some of the most important services I noticed are below:
Nmap 7.80 scan initiated Wed Jan 15 17:20:09 2020 as: nmap -sC -sV -p 53,88,135,139,389,445 -oN nmap/def-script 10.10.10.161
Nmap scan report for 10.10.10.161
Host is up (0.38s latency).
PORT STATE SERVICE VERSION
53/tcp open domain?
[writeups] Bitlab
Creator: Frey & thek
OS: Linux
Difficulty: Medium
Points: 30
Initial Scan
I identified two open ports (22 and 80) with my quick scan: nmap -F 10.10.10.114. I’ll do a script scan to get some more information.
Nmap 7.80 scan initiated Mon Dec 2 13:52:48 2019 as: nmap -sC -sV -oN nmap/def-script -p 22,80 10.10.10.114
Nmap scan report for 10.10.10.114
Host is up (0.037s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.
[writeups] Postman
Creator: TheCyberGeek
OS: Linux
Difficulty: Easy
Points: 20
Initial Scan
I started with an initial NMAP scan of the host, and discovered ports 22, 80, and 10000.
Command: nmap -F -oN nmap/quick 10.10.10.160
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
10000/tcp open snet-sensor-mgmt
Further script scanning revealed an Apache service and a MiniServ service.
Command: nmap -sC -sV -oN nmap/def-script -p 22,80,10000 10.10.10.160
80/tcp open http Apache httpd 2.