Writeup Guidelines

You are welcome to post your write-ups for retired Machines here!

To keep a uniformity on the write-ups, use the following style guide:

  • Discussion Title: {Machine} write-up by {username}
  • Title each phase with an H2 tag (##)
  • Title each step of a phase with an H3 tag(###)
  • Enclose all commands and code in a code block (~~~)
  • Use external links for used exploits
  • Tag the post properly, eg. {machine},writeups,etc.

Sample:

##Enumeration

We start by enumerating open ports and then drill down to each service for more information

###Nmap Scan

[root@server1 ~]# nmap 10.10.10.123
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2017-09-11 15:42 EST
Interesting ports on 10.10.10.123:
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds

Seems that we have a web server. Lets dirb it!

###Dirb

[root@server1 ~]#dirb http://10.10.10.123/
-----------------
DIRB v1.9
By The Dark Raver
-----------------
START_TIME: Mon Jul  9 23:13:16 2007
URL_BASE: http://10.10.10.123/
WORDLIST_FILES: wordlists/common.txt
SERVER_BANNER: lighttpd/1.4.15
NOT_EXISTANT_CODE: 404 [NOT FOUND]
(Location: '' - Size: 345)

-----------------

Generating Wordlist...
Generated Words: 839

---- Scanning URL: http://10.10.10.123/ ----
FOUND: http://10.10.10.123/phpmyadmin/       (***) DIRECTORY (*)

##Exploitation

Blah blah blah…

thanks. nice work

Hi. Are there any rules re: exposing the actual user/root tokens?

@NeilSec said:
Hi. Are there any rules re: exposing the actual user/root tokens?

the real question is Why ? What’s the point ?

@mpgn said:

@NeilSec said:
Hi. Are there any rules re: exposing the actual user/root tokens?

the real question is Why ? What’s the point ?

Yeah that’s a good point.

Type your comment

Type your comment

Are we allowed to make writeups for challenges which are not retired yet if we do not include any token/flags, only the method?

Type your comment> @hhg said:

Are we allowed to make writeups for challenges which are not retired yet if we do not include any token/flags, only the method?

Obviously not because you would be showing the methodogy to get the flags anyway.

If I make a website and upload all the writeups there, open retired machines’ writeups and HASH-protected active machine writeups, how to get is approved by HTB?