In a previous post, I talked about using Terraform to spin up AWS instances.  Not to rehash what was already written, if you want to see the mechanics of account creation, permissions, and the basic server setup, please look to that post.  This post will expand on the basic server by executing a post install script that performs a number of tasks.  Really, this is where you can automate a ton and save time. 

First, let me start off by saying that this only takes you through the first flag because the next flag takes you off the CTF box and onto the Internet.  Call me a prude but I'm not attacking a public facing IP address.  I wish they would have done this with Docker or some other container technology because it could have been self contained. 

That being said, the first part was a lot of fun.  I'll take you through to the pivot and then you can decide whether or not to move forward.

Described as an "Easy to Intermediate" boot2root, the description states:  "Really technical machine, if you are ready for certifications it will be a good tool to test yourself. You will find a very rare final exploit technique, which you have hardly seen before!" 

I've said this a ton of times, it's all a matter of perspective.  In my opinion, this challenge is easy.  Entry is quick and root is even quicker.

We kick off with Nmap:

The description states:  "Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.  Covenant is an ASP.NET Core, cross-platform application that includes a web-based interface that allows for multi-user collaboration."

I'd previously written about Covenant and while I thought it was interesting, I didn't have a use for it then.  But as my engagements get larger, the ability to logically aggregate endpoints is a necessity and a second look at Covenant got me to really digging around in it.

A couple of points before I jump into it.  First, this is not an A to Z primer.  Second, and more importantly, it is a little buggy from time to time.  The more you play with it, the more you're going to learn the ins and outs.  I've been using it day in and day out for about 45 days.  I understand well enough to know when I should try something again (and perhaps again). 

The description states:  "An intermediate boot2root. The name is a hint. The start is CTF but the end is real world and worth the effort. Created in Virtualbox. Goal: Get the root flag." 

Let me start off by saying that there's an unintentional way of rooting this box, unavoidable, in fact, and unfortunate.  It does not diminish the fun but the longer and intended route has more twists and turns.  This is the long way and the intended route.

The description states:  "This box should be easy. This machine was created for the InfoSec Prep Discord Server as a give way for a 30d voucher to the OSCP Lab, Lab materials, and an exam attempt."

Been a while since I've written I've been focusing heavily on a class but I needed a little distraction, saw the new Vulnhub look and feel, then saw this box.  I thought maybe it would be a little more OSCP-like but I think the point was to make it accessible to a wider variety of player. 

We kick off with Nmap: