Let me start off by saying that I broke from my plan of rooting the must-do boxes because I was up on Vulnhub and noticed new boxes.  I downloaded a few of them and there was one that I really wanted to do because it sounded interesting.  Technically, it's two boxes, one sitting off the second NIC of another.  I couldn't get the public facing box to grab an address and with limited time, I decided to go after a self-described "beginner" box.  Honestly, I wouldn't have written it up except that I learned a couple of things along the way -- things not to do and why.

Read more: Vulnhub Toppo: 1 Walkthrough

Continuing through the list of must do boot2root machines, I came upon Kevgir.  I love this box for so many reasons.  It's not particularly hard but it's easy to follow one of the many rabbit holes.  I followed exactly one rabbit hole but not for too long -- I started chasing Jenkins.  I just finished a recently published book and the author talked about Jenkins being a go to avenue.  I don't have a lot of experience with Jenkins but I took his word for it and I pushed on Jenkins for about 15 minutes, stepped back, and said -- let's stick with what we know.

Read more: Vulnhub Kevgir: 1 Walkthrough

Referring to my list of must-do boxes, Brainpan is described as "intermediate" in terms of level of difficulty and I would say that's a fair assessment.  Not because it's significantly harder than the previous boxes, it is not.  It's actually fairly straightforward and easy to root.  However, it requires a couple of skills that you might not possess if you're on the new-ish side of hacking vulnerable boxes.  The two skills required are basic scripting in some language and buffer overflow.

I love buffer overflow.  With other methods of exploitation, there's always this feeling of ambiguity but with buffer overflow, I have a defined path, I follow the path, and it leads to what I want.  

I don't want to talk too much because if ever there was a spoiler, this would be it.

Read more: Vulnhub Brainpan: 1 Walkthrough

I found a list of recommended Vulnhub servers that someone suggested for good practice.  When I started looking at the age of these boot2root boxes, I could already tell my first 'go to' exploit would be DirtyCow, at least for some of them. 

I saw a comment on this exploit somewhere and they talked about its instability.  It is very unstable unless you know how to stabilize it -- which is easy.  

When you first launch the exploit, it hangs while finishing.  If you do nothing and wait for it to finish, not long after it finishes, it's going to crash the server.  If you've read some of my other posts where I use this exploit, I have the fix lined up.  Here's what you need to do --

Read more: Vulnhub SickOs: 1.1 Walkthrough

Continuing on with the list of must-do boot2root boxes, next up on the list is Pegasus. 

I'm curious as to how this box ended up on the list following the others because the jump in difficulty increased significantly.  Don't get me wrong, I liked it.  

There are times when I learn a new command, tool, or whatever, and I add that to my enumeration process.  This box was one of those times.  But I don't want to get ahead of myself.

Read more: Vulnhub Pegasus: 1 Walkthrough

As administrators, developers, and various other technology roles, we make mistakes and I wanted to find a server that I could use as an example of how mistakes are made in the real world. LazySysAdmin is just that box.

Don't get me wrong, I love the esoteric CTF type boxes with port knocking, hidden exif data messages, etc., but as far as I can tell, those don't exist in the real world. This box is real world -- where simple mistakes that someone can make in everyday administration can turn into full-on compromise.

Read more: Vulnhub LazySysAdmin: 1 Walkthrough