Tinyproxy

by Vince

This is not a comprehensive guide on installing Tinyproxy.  This is just a quick write-up on something I found that is very easy to set up for proxying.

I had a need for a small, simple proxy, and when I went hunting around, I found Tinyproxy.  This could be installed on a Raspberry Pi, and I may end up doing exactly that at some point, but for now, I installed it on the Debian "Small CDs or USB sticks" installation, which took less than 10 minutes to install.  I probably spent another two minutes looking at the configuration file.  After that, I was in business -- proxying traffic.


Vulnhub HackInOS: 1 Walkthrough

by Vince

The description for this box states:  "HackinOS is a beginner level CTF style vulnerable machine."  If this is "beginner", I'd hate to see intermediate.  That being said, this was a fun box because it was much more complex when compared to other boxes you'll find on Vulnhub.  There's also a little bit of everything with the different avenues of exploration and exploitation.  It's sprinkled with a few rabbit holes as well and I'll admit, I followed a couple.  To top it off, this box also gives us the opportunity to write a little bit of code which I initially tried to do in Bash (I ended up using PHP) but I couldn't get it to work for whatever reason.  I don't want to dig too much into that now but I'll go over it later when we arrive at that point in the enumeration process.

Kicking off with an Nmap scan:


RID Hijacking and Detection

by Vince

Funny story -- I have a number of virtual machines set up for various types of exploitation, such as the machine I used below for this RID Hijacking post.  When I'm done with the exploitation, I will revert them back to their previous state to keep things clean and in order to have a fresh slate for my next "project".

After finishing up this post, I reverted the machine to a point further back than I thought and I was unable to log in to the machine with the known password.  Quickly thinking, I was confident the box was vulnerable to MS17-010 but I was incorrect.  :\

This particular machine is hosted on a Xenserver hypervisor which allows you to detach the disk and reattach it elsewhere -- which is what I did.  Upon accessing the drive from another virtual machine, I replaced the utilman.exe executable with a meterpreter executable.  I then reattached it to the original host.  If you're not familiar with this hack:
