Very enjoyable, useful skills / lessons from this machine:
Manual enumeration of web pages/directories when the host is using effective protection against mass scanners / brute-forcers.
The importance of GROUP in the Linux file permiss…
Great box IMHO. A great exercise for someone new to binary exploitation like myself. Some advice:
I had trouble finding the correct commands to send what I needed to send to the binary. The "cat" command without a file name reads fr…
A useful lessons with this box: Finish your enumeration thoroughly, methodically and patiently to display all possible routes in, before moving to try and exploit - otherwise you will miss things out and give yourself a real pain when things don't w…
Clue is in the title for this one. Quite a fun machine in my opinion, especially root. My hints:
Research the API/db in use patiently so you can interact with it effectively - including default settings. Then you can solve the puzzle.
Definitely one of my favourite machines so far, this one really forces you to understand all the pieces of the web-app it is running in order to get user.
Hints I think may be useful:
User - if you're struggling to get a proper shell back, it's al…
Got root. For me an enjoyable box.
However the very first step was painful to see because it was so simple (strangely). After that, an interesting route with plenty to learn along the way.
For priv-esc, patiently and diligently reading source code…
I found this box teaches some valuable lessons - particularly the rule about Linux file permissions that priv-esc teaches.
Also found the enumeration steps surrounding the website to be essential skills for anyone attempting bug bounties - as SSL c…
Type your comment> @PavelKCZ said:
> One thing I would like to know. Is there someone with the OSCP certification ?
> How hard or simple is this box compared to boxes which are used during OSCP certification ?
For the privileg…
Type your comment> @plonk said:
Can anyone suggest a tool that can be used to interact properly with this service generally? Or is there some strategy at guessing what it wants? Would appreciate the help - either on here or in PM.
Type your comment> @21y4d said:
I would say I agree with you. Would you mind sending me PM with useful links/references teaching the process both-sides, start to finish (if you know of any)? Cheers