Dev and Security Walkthroughs

Information: Name: FristiLeaks 1.3 VM Creator: @Ar0xA Time it took me: 8-10 hours. Rating: 8/10. Its rated as "Basic" but its harder than basic imo. If you have little to no experience with privilege escalation, this one will take you a few hours. In the VM description it said 'box should take like 4 hours. Yeah... not me. Recommend: Yep. $ nmap -A -p 0-65535 192.168.0.5 80/tcp open http Apache httpd 2.2.15 ((CentOS) DAV/2 PHP/5.3.3) | http-methods: |_ Potentially risky methods: TRACE | http-robots.txt: 3 disallowed entries |_/cola /sisi /beer |_http-server-header: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 |_http-title: Site doesn't have a title (text/html; charset=UTF-8). Port 80 is the only service up. This scares me a bit since I usually use SSH or FTP to login remotely. When I was in the box I seriously tried to do (service sshd start), (service ftpd start) as a low privileged user. I found out you need sudo access to start a service below por

Information: Name: LazySysAdmin 1.0 VM Creator: @TogieMcdogie Time it took me: 2-3 hours. Pentest Skill Level: Less than a year. To begin use nmap: 22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0) 80/tcp open http Apache httpd 2.4.7 ((Ubuntu)) 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: LAZYSYSADMIN) 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: LAZYSYSADMIN) 3306/tcp open mysql 6667/tcp open irc InspIRCd The box description said "linux enumeration". Samba is a file sharing server. It can be used with Windows, Linux, and Mac. I always thought Samba was a "windows thing" but I suppose not. Use the tool enum4linux. I used: enum4linux -a 192.168.0.15. [+] Attempting to map shares on 192.168.0.15 //192.168.0.15/print$ Mapping: DENIED, Listing: N/A //192.168.0.15/share$ Mapping: OK, Listing: OK //192.168.0.15/IPC$ Mapping: OK Listing: DENIED We see the /share$ folder

Information: Name: Rickdiculously-Easy (Rick and Morty themed VM) Link: https://www.vulnhub.com/entry/rickdiculouslyeasy-1,207/ VM Creator: Luke Time it took me: 3 days to solve it. Around 6-10 hours. Pentest Skill Level: Less than a year. To begin use nmap. Note: I lost a few hours by not scanning with -p 0-65535. $ nmap -A -p 0-65535 192.168.0.6 Starting Nmap 7.01 ( https://nmap.org ) Nmap scan report for 192.168.0.6 PORT STATE SERVICE VERSION 21/tcp    open ftp vsftpd 3.0.3 22/tcp    open ssh 80/tcp    open http Apache httpd 2.4.27 9090/tcp  open zeus-admin ssl/zeus-admin? 13337/tcp open unknown 22222/tcp open unknown OpenSSH 7.5 (protocol 2.0) 60000/tcp open unknown I will go after 80 first. I type in http://192.168.0.6/robots.txt into the browser. The root_shell.cgi is a trap. Rick wouldn't make it that easy. The /cgi-bin/tracertool.cgi is what were after. The traceroute program takes an IP and doe