The description states:  "Easy linux machine to practice your skills" and "Have some fun! There might be multiple ways to get user access."

    I thought this was worthy of writing up because you have to chain several pieces together in order to get on the box.  I saw something recently that described the various capture the flag boxes by level.  Based on the description for this box and how I gained my low privilege shell, I would call this easy.5 because it wasn't one step to the next.  The idea of chaining pieces together is more of an intermediate kind of process.  That said, maybe there was an easier avenue that I missed?  Anyway, I really liked the box so let's kick off with Nmap:


    I thought this was an interesting problem because there's a local file inclusion vulnerability but some of the typical methods for including the juicier files are prevented due to the addition of a defined PHP parameter.  The problem consists of a web site that allows the viewer to select whether they'd like to see dog or cat pictures.


    This is kind of an interesting exploit because it's one of those things where you really don't understand the consequences of your actions.  Granted, this is a made-up scenario in part but the exploitation part is not made up -- it's the real deal.

    In this scenario, we have a low privileged user account and in their home directory we find this backup folder.


    I'm still writing about a three-year-old exploit because a post I wrote a long time ago continues to get traction on a monthly basis.

    When this series of vulnerabilities appeared, Metasploit modules were written soon after, which gave us the ability to point and click for root.  Then somewhere along the way, the following error started to appear:  "Unable to find accessible named pipe!"  I'd initially thought that machines were patched and that prevented the execution despite their vulnerable appearance.  Then, honestly, I just didn't have the interest to care.


    According to the description:  "hexedit - view and edit files in hexadecimal or in ASCII".  So how did I end up here?  I was playing a ctf challenge and I came across a picture that was supposed to be a jpg file but was intentionally altered.  Much Googling followed and after trying some fixit-type tools (that didn't work), I ended up on a post that talked about manually repairing the image file with hexedit.



    © 2020 sevenlayers.com