Today in our OSCP Prep series, we'll take a look at MR-ROBOT: 1 from VulnHub. This is an interesting box that requires us to elevate to root privileges, finding three separate keys along the way.
Analytify (Bug): cURL error 77: error setting certificate verify locations: CAfile: /etc/nginx/ssl/cacert.pem CApath: /etc/ssl/certs (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://oauth2.googleapis.com/token
Today in our OSCP Prep series, we'll take a look at MR-ROBOT: 1 from VulnHub. This is an interesting box that requires us to elevate to root privileges, finding three separate keys along the way.
Today in the OSCP Prep series, we'll take a look at SkyTower: 1 from VulnHub. This is an interesting machine that will require quite a bit of outside-the-box thinking at every step.
In today's installment in the OSCP Prep series, we'll walk through owning pWnOS v2.0 from VulnHub. pWnOS turned out to be a very simple machine requiring no more than basic enumeration to gain a foothold and move on to root quickly.
In this installment of the OSCP Prep series, we'll take a look at Vulnix. HackLAB: Vulnix is an Ubuntu 12-based vulnerable VM which provides a large attack surface including some less-than-common services. To get in, we'll need to enumerate network shares and take advantage of a misconfiguration on the victim.
Today we'll be walking through the SickOS 1.2 virtual machine from VulnHub. This is an Ubuntu box that provides a very small attack surface and implements security measures that may leave you scratching your head at times. Overall this is a fun machine that will force you to think outside the box.
Continuing our series of write-ups for OSCP-like VulnHub boxes, today we'll tackle the VulnOS 2 virtual machine. VulnOS 2 is an Ubuntu box running SSH, HTTP, and, interestingly, an IRC daemon. To get root, we'll need to enumerate the webserver to find a classic SQL injection vulnerability. We'll then use the SQLi to capture credentials and log in over SSH. Finally on the system, some basic enumeration will lead us to a kernel exploit to pop a root shell.
In the first Stapler walkthrough, we managed a very easy path to a shell by enumerating usernames over SMB and brute-forcing a password with Hydra. From there, some quick digging through the home directories revealed a plain-text password to an account with complete sudo privileges. Root was trivial. In this article, we will take a look at a different route to rooting this box through a "hidden" WordPress blog and a kernel exploit.
The Stapler 1 virtual machine was released on VulnHub in 2016. Authored by g0tmi1k, this is a very simple machine which can be rooted easily within a short time, at least by taking one of the multiple paths. In this post, we'll go over Stapler from boot to root.
Fristileaks is a fairly straightforward CTF-like machine that is considered a good practice box while preparing for the OSCP. The goal is to get root and read the flag file, and the focus is on enumeration.< We will need to read the source for clues, bypass a file upload filter, and even a little guesswork along the way. This write-up will walk through the Fristileaks box from boot to root.
Kioptrix 2014 is the fifth and final machine in the Kioptrix series of vulnerable virtual machines from VulnHub. The box is running FreeBSD and has only two ports open to the outside world. In this walkthrough, we will work our way from a simple port scan to gaining root access to this machine.