We manage and monitor backups for our clients and as part of our process, we perform audits to ensure backups can be restored.  Going on a tangent for a moment, the purpose of a backup is not to capture the data, the purpose is to restore data when there's data loss.  You would be surprised when the backup software reports a successful run and yet you're unable, or you have difficulty, restoring that data.  Not to get into the weeds too far, point being, it's important to test the restore function to see if your expectations and reality align.  

Back on topic.  In the process of testing the restore capability, we occasionally come across files with "password" in the title or some other title that leads us to believe a document contains passwords.  In a few previous posts, I've discussed various methods for hunting for sensitive data and cracking of various file protections.  In this post, I'm putting a couple of those together.

Sometimes you're the windshield and sometimes your the bug.  This week, I'm feeling like the bug with respect to educational development.  I'm a little beat down from trying to understand an exploitation technique that I'm having a hard time grasping.  In need of a break, I went in search for something on the easier side to build my confidence.  Looking through some of the older machines on Vulnhub, I found Quaoar which claims to be easy.  I went beyond what was necessary to achieve victory but I think given its level of difficulty, I could take this further, explore it beyond root, and see what else I could uncover.

Kicking off with Nmap:

The other day, I received an email from someone who asked me to write up a walk-through on SP: leopold which is part of a new series of boxes on Vulnhub.  Sometimes I really appreciate the Internet for what it truly is -- a remarkable instrument for communication.  It allows someone, from somewhere, to reach out and collaborate with another stranger with a common interest.  I was flattered actually and it made my day.

When I replied to my new found friend, I said that I would take a look at it over the weekend and I offered my quick thoughts.  I received a reply not long after with a bit more information which included a solid hint.  Prior to receiving that hint, I did what I normally do --