Vulnhub My CMSMS: 1 Walkthrough

by Vince
in Blog
Hits: 1102

The description states:  "Like its name, this box contains some interesting things about CMS. It has been designed in way to enhance user's skills while playing with some preveleges. Its a quite forward box but stay aware of rabbit holes."

I think the description pretty much nails it.  It's beginner to intermediate -- I think leaning definitely towards beginner but there are some rabbit holes that you might want to hammer on that could lead to some lost time.  I don't want to get too deep into it so let's kick it off with Nmap:

Read more

Vulnhub Vegeta: 1 Walkthrough

by Vince
in Blog
Hits: 2550

The description states:  "THIS IS A MACHINE FOR COMPLETE BEGINNER , GET THE FLAG AND SHARE IN THE TELEGRAM GROUP (GROUP LINK WILL BE IN FLAG.TXT)"

I would say that's a fair assessment but I could also see this causing some problems for beginners.  In general, I think it's always good to remember that "beginner" is based on a person's level of knowledge, tools, etc. 

Assuming that a beginner is reading this post for some help, let me toss out a couple of tricks and also show how I spider out with my enumeration and then come back to what's important. 

First, we kick off with Nmap:

Read more

Windows Exploit Suggester

by Vince
in Blog
Hits: 838

There are a ton of privilege escalation scripts that perform a wide variety of tasks but the reason why this particular tool sticks out is that it doesn't run on the target machine.  The description for Windows Exploit Suggester states:  "This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins."

Basically, we run systeminfo, save the contents into a file on our machine, and we run Windows Exploit Suggester against that file. 

Read more