I am a frequent visitor of several information security communities and blogs. Whenever someone asks a question along the lines of “Are there any real world vulnerable by design challenges” the Kioptrix series keeps getting mentioned. I thought I’d bite the bullet and see what the Kioptrix challenges are all about starting with Kioptrix Level 1 which can be downloaded here.
How I obtained root access on the Valentine machine from Hack The Box.
Introduction
Hack The Box is an online platform that hosts virtual machines that are vulnerable by design to sharpen one’s penetration testing and security skills. Valentine was a fun machine to compromise as it suffers from a very well-known vulnerability. In addition to this well-known vulnerability one needs several other puzzle pieces to gain root access. This makes the Valentine machine an interesting learning experience.
How I obtained system access on the Chatterbox machine from Hack The Box.
Introduction
Hack The Box is an online platform that hosts virtual machines that are vulnerable by design to sharpen one’s penetration testing and security skills. Gaining system access on the Chatterbox machine is not very complex as an initial low privilege shell can be obtained through a service with a known vulnerability and publicly available exploit. Elevating privileges and gaining system access can be a bit more challenging as it requires some more advanced techniques.
Post exploitation techniques for file transfers on Windows operating systems without the use of Metasploit or other advanced tools.
Introduction
No Metasploit! you told yourself, as you accepted the challenge of creating an exploit manually. Taking your time carefully preparing the exploit, will it work, will I get a shell? You run the exploit and are greeted with a reverse cmd.exe shell on the Windows victim, your excitement soon fades however as the post exploitation phase begins you need a way to transfer files. Fear not as there is a multitude of ways to transfer files to and from a Windows victim without advanced tools such as Metasploit.