From time to time companies go through audits for various reasons.  In some cases, we’re the party performing the audit.  In other cases, a third party is performing the audit and we’re a participant from the technical team.  It’s a mixed bag because audits aren’t fun.  And no matter when you schedule them, it’s an inconvenience.  Rarely do I see both parties genuinely interested in the process or the outcome.  And let’s be honest, someone is questioning someone else’s ability to do their job.

That said, having been on the frontline of a disaster recovery or two has taught me to take audits seriously.  Particularly when it comes to backups because a company can survive many obstacles but data loss typically isn’t one of them. 

Read more: A Restore Solution

The second of two, SickOs: 1.2 promises to be, and is, different than it's predecessor.  If anything, I learned that I'm becoming frustrated with my setup.  If you've noticed, a lot of the time, I'm pushing my shells across port 53.  That's partly by design and partly out of necessity.  First, if you think about it, port 53 is DNS and there should be a lot of DNS traffic floating around on your network.  While a reverse shell doesn't LOOK like a DNS query upon close inspection, perhaps it goes unnoticed among the noise.  Second, I like to use port 443 for basically the same reason, it gets lost in the noise.  But I had to enable SSL on my C2 server because there were exploits I needed to pass across HTTPS.  Enabling and disabling Apache was becoming annoying which is why I switched over to 53 and you'll see why that's a problem in a moment.

Read more: Vulnhub SickOs: 1.2 Walkthrough

In the realm of vulnerable boxes, I prefer the more realistic situations rather than the style that leans toward capture the flag.  I get it.  When a person creates a vulnerable machine, it takes time and creativity and for that, I tip my hat to you.  Thank you for creating boxes!  All of you!  This one, however, leans toward the CTF style -- fortunately, it's not difficult and I rooted it quickly.  It was clever, I got to play around with a new application, and when I'm done with this post, I'm going back for a manual exploit on the same vuln.  

Read more: Vulnhub Dina: 1.0.1 Walkthrough

While I sort through some issues with my hypervisor and some older boxes which won't run on it, I'm working on the newer releases on vulnhub.  I spotted billu: box 2 and I think I recall doing the first box by this author sometime ago.  I don't remember the original nor do I have any notes so I can't give you any information as to whether it's similar, harder, or if there's any relationship at all.  

I spent some time trying to work out a manual way of getting my low priv shell but eventually went with Metasploit.  But I'm getting ahead of myself --

Read more: Vulnhub billu: b0x 2 Walkthrough

Now this is a box to test your ability to stay focused.  There are a few things going on that can distract you which could cause you to overlook the smaller, more important, details.  I can't say this with all of the boxes but I stayed on the right path from start to finish.  

According to the notes, there are two ways to get a low privilege shell and three ways to root.  I found two ways to a low privilege shell and suspect there's actually a third.  I know of two ways to get root and I'll have to read a walkthrough to see the third avenue.  

There's so much going on with this box for post exploitation and I want to play around a bit more but I have to move on.  

If I were just starting out and I fumbled around on this box, I would go back to this box again in three to six months when I'd forgotten as much as I could and give it another go.  

Read more: Vulnhub Stapler: 1 Walkthrough

Let me start off by saying that I broke from my plan of rooting the must-do boxes because I was up on Vulnhub and noticed new boxes.  I downloaded a few of them and there was one that I really wanted to do because it sounded interesting.  Technically, it's two boxes, one sitting off the second NIC of another.  I couldn't get the public facing box to grab an address and with limited time, I decided to go after a self-described "beginner" box.  Honestly, I wouldn't have written it up except that I learned a couple of things along the way -- things not to do and why.

Read more: Vulnhub Toppo: 1 Walkthrough