Cybersecurity Solutions and Support Services

    The description states:  "Like its name, this box contains some interesting things about CMS. It has been designed in way to enhance user's skills while playing with some preveleges. Its a quite forward box but stay aware of rabbit holes."

    I think the description pretty much nails it.  It's beginner to intermediate -- I think leaning definitely towards beginner but there are some rabbit holes that you might want to hammer on that could lead to some lost time.  I don't want to get too deep into it so let's kick it off with Nmap:


    PingCastle is an auditing tool and oddly, when you view their website, they don't have an actual description of the product.  The site jumps straight into the uses, features, and benefits. 

    In a nutshell, PingCastle quickly generates a comprehensive assessment of the overall posture of the domain.  For example, is SMBv1 enabled?  Can we attack the network with LLMNR poisoning because we're allowing Netbios over TCP?  But it goes beyond the low hanging fruit, it gets into the granular settings for AD accounts and it makes suggestions on how to better configure the domain. 


    The description states:  "THIS IS A MACHINE FOR COMPLETE BEGINNER , GET THE FLAG AND SHARE IN THE TELEGRAM GROUP (GROUP LINK WILL BE IN FLAG.TXT)"

    I would say that's a fair assessment but I could also see this causing some problems for beginners.  In general, I think it's always good to remember that "beginner" is based on a person's level of knowledge, tools, etc. 

    Assuming that a beginner is reading this post for some help, let me toss out a couple of tricks and also show how I spider out with my enumeration and then come back to what's important. 

    First, we kick off with Nmap:


    When I spoke at BSides earlier this year, I met a guy who works for a company that provides SOC as a service.  Our skills are not the same and if anything, he's on the receiving end of what I've create.  I had a question about some of the obfuscation techniques I use -- specifically, I wanted to know how someone would approach the obfuscated code.  He mentioned a tool -- CyberChef.  I'd never heard of it and looking back, I don't know how I haven't heard of it.  The description from their site states:  "CyberChef - The Cyber Swiss Army Knife".


    There are a ton of privilege escalation scripts that perform a wide variety of tasks but the reason why this particular tool sticks out is that it doesn't run on the target machine.  The description for Windows Exploit Suggester states:  "This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins."

    Basically, we run systeminfo, save the contents into a file on our machine, and we run Windows Exploit Suggester against that file. 


    On Kali, Burp Suite comes preinstalled as a self contained application inside of a .jar file.  I've never actually looked but I assume the shortcut is just something along the lines of java -jar burpsuite.jar (or whatever the full name is...).  On my Ubuntu system, Burp is installed via the installation script.  That was a choice I made for no particular reason but when Burp is upgraded, it isn't as simple as replacing a .jar file.  The download is a Bash script and while the previous upgrades have worked flawlessly, upgrading to 2020.5 fails to complete installation:


    Page 5 of 61

    © 2020 sevenlayers.com