Obscurity

Obscurity was a medium Linux box built around completely custom-written software. This was a cool concept to explore, because it required diving into source code to spot vulnerabilities. The foothold came from fuzzing to find the source of the web server and then spotting a vulnerable exec function based on user input. User required a bit of reverse engineering to decrypt a key used in a custom encryption tool. Finally, root access came from abusing the temporary write of password hashes during login attempts for a custom SSH service.
Read more →

Traverxec

Creator: jkr | OS: Linux | Difficulty: Easy | Points: 20

Initial Scan

I started with an initial Nmap scan of the host and discovered ports 22 and 80.

Command: nmap -F -oN nmap/quick 10.10.10.165

PORT STATE SERVICE
22/tcp open ssh
80/tcp open http

Further script scanning revealed that the HTTP service was running nostromo 1.9.6.

Command: nmap -sC -sV -oN nmap/def-script -p 22,80 10.10.10.165

PORT STATE SERVICE VERSION
80/tcp open http nostromo 1.
Read more →

Forest

Creator: egre55 & mrb3n | OS: Windows | Difficulty: Easy | Points: 20

Initial Scan

My initial scan revealed a lot of open ports, and even more with more in-depth scanning. Some of the most important services I noticed are below:

Nmap 7.80 scan initiated Wed Jan 15 17:20:09 2020 as: nmap -sC -sV -p 53,88,135,139,389,445 -oN nmap/def-script 10.10.10.161
Nmap scan report for 10.10.10.161
Host is up (0.38s latency).

PORT STATE SERVICE VERSION
53/tcp open domain?

Read more →