"Cymmetria’s MazeRunner platform lets you dominate an attacker’s movements from the very beginning and lead them to a monitored deception network."

    I really like this product but after my first installation, I felt like I sort of rushed the process and I wanted to start over again.  With a fresh install, I headed over to the Responder monitor.  For those of you unfamiliar with Responder.py, it's wicked fun if you're an attacker, and not so much fun if you're a defender.

    The other day, a friend asked if I was on HacktheBox and I was reminded that I'd been absent for a while.  Apparently, they are cranking out a new box every week which could be good or bad -- I'm not really sure.  While looking for something to write, I thought I'd take on one of their retired boxes and that would solve two "needs" simultaneously.  

    This box was interesting mostly because of the hunt for the exploit to gain a foothold on the system.  From there, it was trial and error as to which technique would work for a particular task.  After that, root was easy.

    First, we kick off with Nmap:

    The description states:  "The machine was part of my workshop for Hacker Fest 2019 at Prague.  Difficulty level of this VM is very “very easy”. There are two paths for exploit it."

    In the eye of the beholder and such but yes, very easy.  I saw the description and I thought this might be a good machine to check out for my weekend group.  One person has already rooted it and all I did was mention it so we're off to a good start.

    Anyway, we kick off with Nmap:

    © 2020 sevenlayers.com