Let me start off by saying that I broke from my plan of rooting the must-do boxes because I was up on Vulnhub and noticed new boxes.  I downloaded a few of them and there was one that I really wanted to do because it sounded interesting.  Technically, it's two boxes, one sitting off the second NIC of another.  I couldn't get the public facing box to grab an address and with limited time, I decided to go after a self-described "beginner" box.  Honestly, I wouldn't have written it up except that I learned a couple of things along the way -- things not to do and why.

Referring to my list of must-do boxes, Brainpan is described as "intermediate" in terms of level of difficulty and I would say that's a fair assessment.  Not because it's significantly harder than the previous boxes, it is not.  It's actually fairly straightforward and easy to root.  However, it requires a couple of skills that you might not possess if you're on the new-ish side of hacking vulnerable boxes.  The two skills required are basic scripting in some language and buffer overflow.

I love buffer overflow.  With other methods of exploitation, there's always this feeling of ambiguity but with buffer overflow, I have a defined path, I follow the path, and it leads to what I want.  

I don't want to talk too much because if ever there was a spoiler, this would be it.

Continuing on with the list of must-do boot2root boxes, next up on the list is Pegasus. 

I'm curious as to how this box ended up on the list following the others because the jump in difficulty increased significantly.  Don't get me wrong, I liked it.  

There are times when I learn a new command, tool, or whatever, and I add that to my enumeration process.  This box was one of those times.  But I don't want to get ahead of myself.