Cybersecurity Solutions and Support Services

    The description states:  "An intermediate boot2root. The name is a hint. The start is CTF but the end is real world and worth the effort. Created in Virtualbox. Goal: Get the root flag."

    Let me start off by saying that there's an unintentional way of rooting this box, unavoidable, in fact, and unfortunate.  It does not diminish the fun but the longer and intended route has more twists and turns.  This is the long way and the intended route.

    The description states:  "This box should be easy. This machine was created for the InfoSec Prep Discord Server as a give way for a 30d voucher to the OSCP Lab, Lab materials, and an exam attempt."

    Been a while since I've written; I've been focusing heavily on a class, but I needed a little distraction, saw the new Vulnhub look and feel, then saw this box.  I thought maybe it would be a little more OSCP-like but I think the point was to make it accessible to a wider variety of players.

    We kick off with Nmap:

    First, let me start off by saying that this only takes you through the first flag because the next flag takes you off the CTF box and onto the Internet.  Call me a prude but I'm not attacking a public-facing IP address.  I wish they would have done this with Docker or some other container technology because it could have been self-contained.

    That being said, the first part was a lot of fun.  I'll take you through to the pivot and then you can decide whether or not to move forward.

    The description states:  "Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.  Covenant is an ASP.NET Core, cross-platform application that includes a web-based interface that allows for multi-user collaboration."

    I'd previously written about Covenant and while I thought it was interesting, I didn't have a use for it then.  But as my engagements get larger, the ability to logically aggregate endpoints is a necessity and a second look at Covenant got me really digging around in it.

    A couple of points before I jump into it.  First, this is not an A to Z primer.  Second, and more importantly, it is a little buggy from time to time.  The more you play with it, the more you're going to learn the ins and outs.  I've been using it day in and day out for about 45 days.  I understand well enough to know when I should try something again (and perhaps again). 

    There was a time when almost everyone had an on-premises Exchange Server.  Out of the box, Exchange Server isn't very secure for any number of reasons and even when you harden Active Directory, Exchange is still somewhat vulnerable.  When hosted Exchange solutions became en vogue, we started migrating everyone off of their on-prem boxes and a small weight was removed from our shoulders.

    Truth be told, I haven't attacked a hosted Exchange solution -- mostly because that's a grey area and it isn't necessary, phishing will do just fine.  But when we're talking about on-prem Exchange, we'll do a little recon and then we'll go after Outlook Web Access. 


    © 2020