Super simple web fuzzer with a hard-coded IP and wordlist, using fake_useragent for the User-Agent header.  The script reads through the wordlist one entry per line, requests the host with the entry appended to the base URL, and prints every path that comes back with an HTTP 200.  

    #!/usr/bin/env python3
    import requests
    from fake_useragent import UserAgent

    # One random User-Agent for the whole run (fake_useragent picks it)
    ua = UserAgent()
    user_agent = ua.random

    host = 'http://192.168.90.27/'
    filepath = 'wordlist.txt'

    with open(filepath) as fp:
        for line in fp:
            word = line.strip()
            if not word:
                continue                      # skip blank lines in the wordlist
            combined = host + word
            # timeout so one hung request can't stall the whole scan
            r = requests.get(combined, headers={'User-Agent': user_agent}, timeout=5)
            if r.status_code == 200:
                print(word, '\n', r)
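Looking only for 200s has two blind spots: a path that answers 301 or 403 still exists (a directory without a trailing slash, or something you are not allowed to read), and a site that answers 200 for everything (a "soft 404") makes every wordlist entry look like a hit.  The example below is an added one, not the script above: it first requests a random path that cannot exist to learn what "not found" looks like on this host, then reports any interesting status code whose response differs from that baseline.  It uses the standard library's urllib instead of requests and does not follow redirects, so the 301 itself is what gets reported.  The host and wordlist are command-line arguments; the `fetch` parameter exists so the logic can be exercised offline with a stand-in, and the IP is only a placeholder.

```python
#!/usr/bin/env python3
"""Directory fuzzer with a soft-404 baseline and status filtering.

Added example, not the blog's script.  The target URL is a placeholder
supplied on the command line; nothing here is specific to one host.
"""
import secrets
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Status codes worth reporting: a 403 or 301 still proves the path exists.
INTERESTING = {200, 204, 301, 302, 307, 308, 401, 403, 405}


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from silently following 30x so we see the redirect itself."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None   # returning None makes urllib raise the 30x as HTTPError


def http_get(url, user_agent="Mozilla/5.0 (fuzzer example)", timeout=5):
    """Return (status_code, body_length) for url; (0, 0) if unreachable."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    opener = urllib.request.build_opener(NoRedirect())
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, len(resp.read())
    except urllib.error.HTTPError as err:
        # 3xx/4xx/5xx land here; err.code is the status we actually want
        return err.code, len(err.read())
    except urllib.error.URLError:
        return 0, 0


def baseline(host, fetch=http_get):
    """Request a random path that cannot exist to learn what 'not found' looks like."""
    probe = urljoin(host, "nope-" + secrets.token_hex(8))
    return fetch(probe)


def classify(status, length, base):
    """Decide whether a response is worth reporting, given the not-found baseline."""
    base_status, base_len = base
    if status not in INTERESTING:
        return None
    # Soft 404: same status and (roughly) the same size as the known-missing page.
    if status == base_status and abs(length - base_len) <= 16:
        return None
    return "redirect" if 300 <= status < 400 else "hit"


def fuzz(host, words, fetch=http_get):
    """Yield (word, status, length, kind) for every interesting response."""
    base = baseline(host, fetch)
    seen = set()
    for raw in words:
        word = raw.strip().lstrip("/")
        if not word or word.startswith("#") or word in seen:
            continue   # blank lines, comments and duplicates in the wordlist
        seen.add(word)
        status, length = fetch(urljoin(host, word))
        kind = classify(status, length, base)
        if kind:
            yield word, status, length, kind


if __name__ == "__main__":
    # usage: fuzz.py http://192.168.90.27/ wordlist.txt   (placeholder host)
    target, wordlist = sys.argv[1], sys.argv[2]
    with open(wordlist) as fp:
        for word, status, length, kind in fuzz(target, fp):
            print(f"{status} {length:>7} {kind:<8} /{word}")
```

The 16-byte tolerance in `classify` is a rough guess for pages that echo the requested path into the "not found" body; widen it if the baseline page is dynamic, or compare a hash of the body with the path stripped out instead.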


I almost titled this blog something that would give away the exploit, but then I realized someone might be passing by to get a hint.  Without giving away the privilege escalation -- the first time I used this exploit, I felt like a l33t h4xor.  I'm not.  I just felt like one because it's more than just compile, execute, root.  I've only used it a few times, but I like it.  There's a quicker way to root this box, but it's worth doing the longer way, especially because it didn't go as planned and there's a slight modification that makes it work anyway.  

Continuing on with the Kioptrix series, this is Kioptrix 1.3 (#4), the fourth from this author (group?).  This is a big jump up from the first three in terms of difficulty, IMO.


I'm surprised I didn't find this one sooner.  I was working my way through the Kioptrix series, but alas, the final box is from a different hypervisor, and while I was able to import it, I could not get networking to function.  One day I will set up another machine to work on these other systems, but for now I continue finding lists of must-do boxes.  Vulnix has been around for a while, but I've never crossed paths with it.

This is a fun box.  It is probably more real world than the CTF-style boxes because its vulnerability stems from a misconfiguration, which is more likely than you might think.  


Next up in the Kioptrix series is Kioptrix 1.2 (#3), the third in the group, which gets even more confusing with #4 and #5 both being referenced as 4 in their downloads, but I digress.  I think something is wrong with the image, because I was expecting LFI from the vulnerabilities I found but LFI didn't work.  I ended up going a different route than what I think was the point of this lesson.  I just wanted to pop the box, be done with it, and move on to the next one -- hoping that it was just a one-off problem.

After I rooted the box, I found some creds and a setuid binary, and I think that was the intended route after getting in through LFI, but I'd already popped the box, it seemed like things were messed up, and there are more to conquer.  


First, let me say that while I've used this password manager on occasion for various reasons, it is not what I use personally.  If we're making a recommendation, we like 1Password.  But if we're looking for a completely free password manager that doesn't require logging into a website, KeePass is a solid option.  It's a no-frills password manager that does exactly what you'd expect it to do -- store passwords.  

As far as I can tell, KeePass doesn't have native browser integration, although there are Chrome and Firefox extensions available.  I can't speak to their reliability or their security.  Assuming we're just trying to get off of Excel as our password manager and we just want to move to something a little more secure and robust, without further ado -- KeePass...


After learning of the Kioptrix series, I've become curious as to what makes up the other boxes.  The next in the series, Kioptrix: Level 1.1 (#2), is a CentOS server with an injection point.  There are two things I like about this box:

1.  With the typical path I'd normally take with sqlmap, I was unable to get anything of use from this box and I was forced to use manual knowledge of blind SQL injection.

2.  This box is older, and what ultimately got me to root was an exploit I hadn't used before, which is something new to me that I will stuff away for possible later use.


© 2020 sevenlayers.com