When I spoke at BSides earlier this year, I met a guy who works for a company that provides SOC as a service.  Our skills are not the same and if anything, he's on the receiving end of what I've create.  I had a question about some of the obfuscation techniques I use -- specifically, I wanted to know how someone would approach the obfuscated code.  He mentioned a tool -- CyberChef.  I'd never heard of it and looking back, I don't know how I haven't heard of it.  The description from their site states:  "CyberChef - The Cyber Swiss Army Knife".

On Kali, Burp Suite comes preinstalled as a self contained application inside of a .jar file.  I've never actually looked but I assume the shortcut is just something along the lines of java -jar burpsuite.jar (or whatever the full name is...).  On my Ubuntu system, Burp is installed via the installation script.  That was a choice I made for no particular reason but when Burp is upgraded, it isn't as simple as replacing a .jar file.  The download is a Bash script and while the previous upgrades have worked flawlessly, upgrading to 2020.5 fails to complete installation:

The description states:  "Easy linux machine to practice your skills" and "Have some fun! There might be multiple ways to get user access."

I thought this was worthy of writing up because you have to chain several pieces together in order to get on the box.  I saw something recently that described the various capture the flag boxes by level.  Based on the description for this box and how I gained my low privilege shell, I would call this easy.5 because it wasn't one step to the next.  The idea of chaining pieces together is more of an intermediate kind of process.  That said, maybe there was an easier avenue that I missed?  Anyway, I really liked the box so let's kick off with Nmap: