I just burned down my Kali install and I fired up a completely new box.  As I was putting my favorite tools back on the new box, I went to grab Empire and I saw the following:  "This project is no longer supported".  Not that I was a heavy Empire user but I've used it and that message piqued my curiosity.  While searching, I found another headline:  "PowerShell Empire Framework Is No Longer Maintained" on Bleeping Computer.  Tl;dr -- it's old, hackers (good and bad) are using it, there's newer stuff, and the developer(s) no longer feel the need to maintain it.

On the newer stuff front, we have Sliver which according to the description, and from my personal interaction, is currently in alpha.  I will warn you right now, I trashed a Windows VM because something got stuck, I Ctrl-C'd out of Sliver and the Windows box got bricked.  After the reboot, I login to Windows, still a brick.  It was either elevate, migrate, or impersonate.  Honestly, I don't recall and I didn't want to go through the hassle of recreating it to find out.  You've been warned.

Read more: Sliver C2

Continuing on with the SP series, I'm working my way backwards through the list of boxes I've yet to root and we find Harrison which is described as:  "Can you break free from Harrison's prison?"

From the description, I'm thinking some sort of shell jail but I'm not really sure what's in store for me.  I'll just do my thing, we'll see what obstacles appear and work around them.

Read more: Vulnhub SP: harrison Walkthrough

I witnessed someone trying to inject on a login form and what was expected and the actual result were night and day.  The idea that if we find an injection point by entering a single tick does not necessarily mean we are going to be able to successfully enter ' or '1'='1 and achieve a positive outcome.  In the example below, there at least two components to this injection, we have a PHP front-end with a MySQL back-end.  The latter may cooperate, and it does, but it's the former that is determining what we can do and where we can do it.

Below, we have a simple login form.  We enter a single tick:

Read more: Under the Hood: SQL Injection

I think I've mentioned that I dislike the puzzle style boxes.  Seems like the last couple of Vulnhub downloads required me to solve problems that had little to do with real world scenarios.  I hate to quit midstream but my personal goal is to hone my craft, learn new techniques, and improve my documentation skills.  Hunting for the hidden page, behind the hidden page, behind the hidden page, using a wordlist I scraped from some video game fan page is not exactly what I had in mind. #truestory

Searching through Vulnhub, I spotted the SP series and I remember it being fresh, challenging, and at least semi real world.  Jerome's description:  "Jerome has created some awesome recipes. Can you find them?"

I'm glad I found my way back to this series because while Jerome was never hard, it was challenging and it kept me on my toes.  

Read more: Vulnhub SP: jerome (v1.0.1)

You can't judge a book by its cover.  When I saw that the description was empty, I thought this box was going to be hard.  Again, as always, your definition of hard and mine may differ but this box has few moving parts and in my opinion, it's not hard.  In fact, this box is perfect for a friend who I'm guiding into penetration testing.  He just learned a new skill the other day and there's a component to this box that's right up his alley.  

Moving on, we kick off with Nmap:

Read more: Vulnhub sunset: 1 Walkthrough

This is one of those things that is pretty benign but just makes people crazy.  In the Burp Suite history, we repeatedly see entries for http://detectportal.firefox.com and the frequency is ridiculous.  I have this disabled in my c2 image but I hopped on a client's Kali install and there it was... tormenting me:

Read more: Burp Suite: detectportal.firefox.com