The description states:  "This boot to root VM is fully a real life based scenario. It has been designed in way to enhance user's skills while testing a live target in a network. Its a quite forward box but stay aware of rabbit holes." 

There are quite a few directions this could have gone and I'm not sure I took the intended route, especially with the entry.  I feel like I found my foothold and just plowed on through it.  In general, I would say this is an easy box but you need the skills to setup an application outside of the vulnerable machine to use in my exploitation route.  That will make more sense shortly. 

The description for HTTrack states:  "HTTrack is an offline browser utility, allowing you to download a World Wide website from the Internet to a local directory, building recursively all directories, getting html, images, and other files from the server to your computer."

We have more nefarious purposes like cloning sites for phishing awareness campaigns but regardless, the outcome is still the same.  HTTrack is a decent tool for quickly cloning a site.  It's fairly simple to use and once it's installed, we launch it by executing:  httrack

I mentioned this in a previous post but we are seeing a large increase in phishing attacks from known sources.  In other words, phishing attacks are coming from your friends, colleagues, and vendors.  You trust these sources and you are likely to drop your guard more so than when say the Nigerian Prince email makes its way into your inbox.  Obviously, if someone falls for the phish, this campaign lives on and that's how future attacks occur.  But how does the original attack get legs underneath it?  First, let's start with the phish and work our way backwards.