Writeup Guidelines

edited September 2017 in Writeups

You are welcome to post your write-ups for retired Machines here!

To keep a uniformity on the write-ups, use the following style guide:

  • Discussion Title: {Machine} write-up by {username}
  • Title each phase with an H2 tag (##)
  • Title each step of a phase with an H3 tag(###)
  • Enclose all commands and code in a code block (~~~)
  • Use external links for used exploits
  • Tag the post properly, eg. {machine},writeups,etc.

Sample:

Enumeration

We start by enumerating open ports and then drill down to each service for more information

Nmap Scan

[[email protected] ~]# nmap 10.10.10.123
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2017-09-11 15:42 EST
Interesting ports on 10.10.10.123:
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds

Seems that we have a web server. Lets dirb it!

Dirb

[[email protected] ~]#dirb http://10.10.10.123/
-----------------
DIRB v1.9
By The Dark Raver
-----------------
START_TIME: Mon Jul  9 23:13:16 2007
URL_BASE: http://10.10.10.123/
WORDLIST_FILES: wordlists/common.txt
SERVER_BANNER: lighttpd/1.4.15
NOT_EXISTANT_CODE: 404 [NOT FOUND]
(Location: '' - Size: 345)

-----------------

Generating Wordlist...
Generated Words: 839

---- Scanning URL: http://10.10.10.123/ ----
FOUND: http://10.10.10.123/phpmyadmin/       (***) DIRECTORY (*)

Exploitation

Blah blah blah...

Ch4p

Comments

  • thanks. nice work

    NE MUTLU TURKUM DIYENE

  • Hi. Are there any rules re: exposing the actual user/root tokens?

  • @NeilSec said:
    Hi. Are there any rules re: exposing the actual user/root tokens?

    the real question is Why ? What's the point ?

  • @mpgn said:

    @NeilSec said:
    Hi. Are there any rules re: exposing the actual user/root tokens?

    the real question is Why ? What's the point ?

    Yeah that's a good point.

  • Type your comment

  • Type your comment

  • Are we allowed to make writeups for challenges which are not retired yet if we do not include any token/flags, only the method?

  • Type your comment> @hhg said:

    Are we allowed to make writeups for challenges which are not retired yet if we do not include any token/flags, only the method?

    Obviously not because you would be showing the methodogy to get the flags anyway.

  • If I make a website and upload all the writeups there, open retired machines' writeups and HASH-protected active machine writeups, how to get is approved by HTB?

Sign In to comment.