Owning Pinky's Palace: V2 step-by-step.
Analytify (Bug): cURL error 77: error setting certificate verify locations: CAfile: /etc/nginx/ssl/cacert.pem CApath: /etc/ssl/certs (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://oauth2.googleapis.com/token
Owning Pinky's Palace: V2 step-by-step.
Walking through Temple of Doom: 1, the next machine in our OSCP Prep series.
Walking through Lin.Security.1, a simple but fun machine, as part of our OSCP Prep series.
Resuming our OSCP Prep series, today we'll walk through PwnLab: Init from VulnHub.
Today in our OSCP Prep series, we'll take a look at MR-ROBOT: 1 from VulnHub. This is an interesting box that requires us to elevate to root privileges, finding three separate keys along the way.
Today in the OSCP Prep series, we'll take a look at SkyTower: 1 from VulnHub. This is an interesting machine that will require quite a bit of outside-the-box thinking at every step.
In today's installment in the OSCP Prep series, we'll walk through owning pWnOS v2.0 from VulnHub. pWnOS turned out to be a very simple machine requiring no more than basic enumeration to gain a foothold and move on to root quickly.
In this installment of the OSCP Prep series, we'll take a look at Vulnix. HackLAB: Vulnix is an Ubuntu 12-based vulnerable VM which provides a large attack surface including some less-than-common services. To get in, we'll need to enumerate network shares and take advantage of a misconfiguration on the victim.
Today we'll be walking through the SickOS 1.2 virtual machine from VulnHub. This is an Ubuntu box that provides a very small attack surface and implements security measures that may leave you scratching your head at times. Overall this is a fun machine that will force you to think outside the box.
Continuing our series of write-ups for OSCP-like VulnHub boxes, today we'll tackle the VulnOS 2 virtual machine. VulnOS 2 is an Ubuntu box running SSH, HTTP, and, interestingly, an IRC daemon. To get root, we'll need to enumerate the webserver to find a classic SQL injection vulnerability. We'll then use the SQLi to capture credentials and log in over SSH. Finally on the system, some basic enumeration will lead us to a kernel exploit to pop a root shell.