This is one of those things that is pretty benign but just makes people crazy.  In the Burp Suite history, we repeatedly see entries for http://detectportal.firefox.com and the frequency is ridiculous.  I have this disabled in my c2 image but I hopped on a client's Kali install and there it was... tormenting me:

Read more: Burp Suite: detectportal.firefox.com

This is definitely not a beginner style box.  The description for Ted states:  "How well do you understand PHP programs? How familiar are you with Linux misconfigurations? This image will cover advanced Web attacks, out of the box thinking and the latest security vulnerabilities."  

The biggest barrier for Ted is the entry.  Once you get on the box, standard enumeration will lead you to root in any number of ways.  There are no fewer than three kernel exploits and a misconfigured something.  It's Friday night, I've got nothing better to do than hack, and once I got on the box, I just kept popping it until I got bored.  That said, I did NOT get bored with the entry.  This box is hard, this box is fun, and this box is worth doing even if you're following this walkthrough because there are lessons to be learned.

Read more: Vulnhub Ted: 1 Walkthrough

I think this is from the same author that has produced a couple (?) of the advanced web application machines.  The description for this box states:  "The library is a sophisticated web application which has few advanced vulnerabilities. You will have to think out of the box to be able to compromised successfully this machine. If you can't you can just enjoy countries history ;)"

This one was tough.  The injection is tedious and tricky but if you take your generic queries into SQL and you look at the responses, it will become obvious as to what will and will not work.  I'm trying not to spoil too much and perhaps that hint is enough by itself.

Read more: Vulnhub The Library: 1 Walkthrough

I recently performed a pentest for a client who wanted a sanity check on their environment because there have been numerous new devices installed and those installations were done in haste.  While I do have prior knowledge of this network, I treated it like a black box test.  Initially, I thought I would drop into the network through a VPN and then attack from there but as luck would have it, I gained entry through a vulnerable device which made this all the more fun.

When I began scanning the network, I uncovered numerous devices that could have potentially been used to drive further into the network but I put those aside when I fired up Responder.  In previous times, Responder would poison a request and we'd get a hash for cracking but with a modern domain controller, odds are pretty good that password complexity rules will thwart your hash cracking attempts.  That said, we won't need to crack hashes when we can relay them.

Read more: Domain Takeover with Responder, RunFinger, and MultiRelay

After playing with Ted, I was excited to move to the next box from the same author.  DomDom is described as:  "How well do you understand PHP programs? How familiar are you with Linux misconfigurations? This image will cover advanced Web attacks, out of the box thinking and the latest security vulnerabilities."

Let me start off by saying that I think Ted was harder but it's really a matter of what you know versus what you don't know. This seemed pretty straightforward and it didn't take long to get on the box.  From there, root was quick.  I only went one route for root this time because it's Saturday morning and I have things to do. ;)  Given the nature of Ted, I think there's a more clever way to root but I take these boxes to be more about the entry than the privilege escalation.  Perhaps I'll take a second glance later.  I also thought about scripting up a portion of the process in Python.  For now....

Read more: Vulnhub DomDom: 1 Walkthrough

A friend who already rooted this box recommended it to me and now I understand why.  It wasn't hard but it makes you put pieces together and that makes it fun.  I'll bring this up in a minute when we get to a specific point but somewhere in the middle, something kept breaking and I had to tear out the VM and import a new one.  I don't know if that was just me or if this is everyone but it'll be obvious if it happens to you and I'll make sure to point it out.

Anyway, kicking off with Nmap:

Read more: Vulnhub symfonos: 1 Walkthrough