Owning Pinky's Palace: V2 step-by-step.
Tag : hacking
Temple of Doom: 1 Walkthrough (OSCP Prep)
Walking through Temple of Doom: 1, the next machine in our OSCP Prep series.
Lin.Security.1 Walkthrough (OSCP Prep)
Walking through Lin.Security.1, a simple but fun machine, as part of our OSCP Prep series.
PwnLab: init Walkthrough (OSCP Prep)
Resuming our OSCP Prep series, today we'll walk through PwnLab: Init from VulnHub.
Mr-Robot 1 Walkthrough (OSCP Prep)
Today in our OSCP Prep series, we'll take a look at MR-ROBOT: 1 from VulnHub. This is an interesting box that requires us to elevate to root privileges, finding three separate keys along the way.
SkyTower 1 Walkthrough (OSCP Prep)
Today in the OSCP Prep series, we'll take a look at SkyTower: 1 from VulnHub. This is an interesting machine that will require quite a bit of outside-the-box thinking at every step.
pWnOS 2.0 Walkthrough (OSCP Prep)
In today's installment in the OSCP Prep series, we'll walk through owning pWnOS v2.0 from VulnHub. pWnOS turned out to be a very simple machine requiring no more than basic enumeration to gain a foothold and move on to root quickly.
Vulnix Walkthrough (OSCP Prep)
In this installment of the OSCP Prep series, we'll take a look at Vulnix. HackLAB: Vulnix is an Ubuntu 12-based vulnerable VM which provides a large attack surface including some less-than-common services. To get in, we'll need to enumerate network shares and take advantage of a misconfiguration on the victim.
SickOS 1.2 Walkthrough (OSCP Prep)
Today we'll be walking through the SickOS 1.2 virtual machine from VulnHub. This is an Ubuntu box that provides a very small attack surface and implements security measures that may leave you scratching your head at times. Overall this is a fun machine that will force you to think outside the box.
VulnOS 2 Walkthrough (OSCP Prep)
Continuing our series of write-ups for OSCP-like VulnHub boxes, today we'll tackle the VulnOS 2 virtual machine. VulnOS 2 is an Ubuntu box running SSH, HTTP, and, interestingly, an IRC daemon. To get root, we'll need to enumerate the webserver to find a classic SQL injection vulnerability. We'll then use the SQLi to capture credentials and log in over SSH. Finally on the system, some basic enumeration will lead us to a kernel exploit to pop a root shell.