Home

TL;DR This box is about exploiting a web application, getting access to an internal network and pivoting through a number of hosts. We have to get initial access through an Instance of NodeRed, then we will realize that we are in a Docker container. Next we have to exploit a arbitrary write vulnerability on a redis database to gain access to an...

Enumeration A simple Nmap scan shows that 3 ports are open: Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-10 11:40 EST Nmap scan report for 10.10.10.77 Host is up (0.10s latency). Not shown: 997 filtered ports PORT STATE SERVICE VERSION 21/tcp open ftp Microsoft ftpd 22/tcp open ssh OpenSSH 7.6 (protocol 2.0) | ssh-hostkey: | ...

This box is about exploiting a vulnerable WordPress plugin which allows you to get a shell via Remote File Inclusion. Then you have to escalate to another user by running tar with sudo and root escalation is done by exploiting a user-created backup script. Enumeration Only port 80 is open so we start by enumerating the Webserver. Quickly we wi...

Enumeration and First Shell Like with every other box we start with a simple nmap port scan: nmap -sC -sV 10.10.10.83 Nmap scan report for 10.10.10.83 Host is up (0.032s latency). Not shown: 996 closed ports PORT STATE SERVICE VERSION 22/tcp filtered ssh 53/tcp open domain (unknown banner: Bind) | dns-nsid: |_ bind.version: Bi...

Enumeration Phase Nmap report: Nmap scan report for 10.10.10.70 Host is up (0.029s latency). Not shown: 999 filtered ports PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) | http-git: | 10.10.10.70:80/.git/ | Git repository found! | Repository description: Unnamed repository; edit this file 'descriptio...

Information CTF Name : noxCTF 2018 Website : ctf18.noxale.com Type : Online Format : Jeopardy CTF Time : link 573 - Blind Date - Misc My mom got me a date with someone! she sent me an image but i cannot open it. I don’t want it to be a blind date. Can you help me? By inspecting the data of the file with xxd we notice that th...

User The website seems to be made for testing purposes and has some php files listed that we can test. Hmm, the file listfiles.php sounds promising, let’s visit http://10.10.10.84/listfiles.php. Array ( [0] => . [1] => .. [2] => browse.php [3] => index.php [4] => info.php [5] => ini.php [6] => listfiles.php [7] =&...

User A quick nmap scan reveals that there is only one port open on this box which is running Node.js Express. Nmap scan report for 10.10.10.85 Host is up (0.10s latency). Not shown: 999 closed ports PORT STATE SERVICE VERSION 3000/tcp open http Node.js Express framework |_http-title: Site doesn't have a title (text/html; charset=utf-8)...