Persecure : my learning archive

Category: Vulnhub

  • , ,

    PNPT : Black Pearl

    Overview Enumeration Run nmap scan to find for open ports. Run a gobuster scan to find for hidden directories. Port 80 /secret DNS Enumeration /navigate Foothold Use metasploit to gain a shell. Transfer linpeas to find more clues. Seems like we can exploit some permissions. Privilege escalation Check GTFObins for SUID exploits. Root is gained.

  • , ,

    PNPT : Dev

    Overview Enumeration Run nmap scan to find for open ports. Web enumeration Port 80: Run a gobuster scan to find for hidden directories. Port 8080: In the website at port 80 there is directory where we are able to find a config.yml file. This contains some creds that we can keep later. In the webserver…

  • , ,

    Kioptrix 1

    Overview Enumeration Run nmap scan to find for open ports. Port 80 & 443 Run a vulnerability scan with Nikto Start directory enumeration with dirbuster. SMB Enumeration Search for exploits Samba exploit https://www.rapid7.com/db/modules/exploit/linux/samba/trans2open/ Exploitation By metasploit Exploitation failed. Use a different payload. Root shell is gained. Exploitation by manual method

  • DC: 3.2
    , ,

    DC: 3.2

    DC-3 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. As with the previous DC releases, this one is designed with beginners in mind, although this time around, there is only one flag, one entry point and no clues at all.

  • Dina: 1.0.1
    , ,

    Dina: 1.0.1

    Download the machine: https://www.vulnhub.com/entry/dina-101,200/ Overview Enumeration Run nmap scan to find for open ports. Run a gobuster scan to find for hidden directories. Port 80 /robots.txt /nothing source code. /secure Unzip the file with the password list and a mp3 file is given. Use cyberchef to read the file. Now we found an interface. We…

  • Corrosion: 1
    , ,

    Corrosion: 1

    A easy box for beginners, but not too easy. Good Luck. Hint: Enumerate Property.

  • billu: b0x
    , ,

    billu: b0x

    This Virtual machine is using ubuntu (32 bit) Other packages used: – PHP Apache MySQL This virtual machine is having medium difficulty level with tricks. One need to break into VM using web application and from there escalate privileges to gain root access

  • GreenOptic: 1
    , ,

    GreenOptic: 1

    GreenOptic is my fourth Capture the Flag box. It is rated as ‘Very Hard’. As with all of my CTFs, please run this in ‘Host Only’ mode – it does not need an internet connection. Don’t let the difficulty put you off though – the CTF is designed to be realistic, so you won’t come…

  • Funbox: Scriptkiddie
    , ,

    Funbox: Scriptkiddie

    As always, it’s a very easy box for beginners.

  • , ,

    doubletrouble: 1

    Download the machine: https://www.vulnhub.com/entry/doubletrouble-1,743/ Overview Enumeration Run nmap scan to find for open ports. Run a gobuster scan to find for hidden directories. Port 80 /secret Download the image and check if there are any hidden files inside the file. Let’s search searchsploit for some exploits. since we have some creds let’s use the RCE…

Create a website or blog at WordPress.com