This will sound like a walk-through for Kioptrix1 but it didn't start off that way.  While scanning a server, I saw the following:

+ mod_ssl/2.8.4 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell.

When you search for:  mod_ssl exploit

The first result is 764.c on Exploit-DB.  Out of the box, when you compile it, it throws a bunch of errors, which sometimes means nothing, but in this case it didn't result in exploitation.  I assumed this was due to the age of this exploit, and when I went searching, I found a few articles on how to repair this exploit to make it work in the modern day.

Read more: mod_ssl Remote Buffer Overflow

If you don't already use the web site "have i been pwned?", you should. It's a solid resource for checking your accounts for possible compromise.  Basically, you enter your email address, it will search through its database, and if your address shows up in its list, it will spit out the compromised sites and the details of the breach.  

Another feature of the site is the ability to check a password against their list of compromised passwords.  There are about 580 million passwords in their database and while you think "l33thacker" is solid, their database says it's been found 55 times.

Read more: Checking for Pwned Passwords

As with most things in technology, if you don't use it, you lose it.  I was once an MSSQL DBA but after taking and passing the certification, I never used it -- and then lost it.  I can hack my way around SQL but I wouldn't call myself a database administrator.  If you don't want to lose it, keep honing your skills, keep learning new things, and with pentesting, keep popping boxes.  You step away from it for just a short period of time and you're rusty.

This is a skill I do not want to lose and that's why I find spare time to get after these boxes appearing on Vulnhub.  Practice, practice, practice!  

Read more: Vulnhub zico2: 1 Walkthrough

From time to time companies go through audits for various reasons.  In some cases, we’re the party performing the audit.  In other cases, a third party is performing the audit and we’re a participant from the technical team.  It’s a mixed bag because audits aren’t fun.  And no matter when you schedule them, it’s an inconvenience.  Rarely do I see both parties genuinely interested in the process or the outcome.  And let’s be honest, someone is questioning someone else’s ability to do their job.

That said, having been on the frontline of a disaster recovery or two has taught me to take audits seriously.  Particularly when it comes to backups because a company can survive many obstacles but data loss typically isn’t one of them. 

Read more: A Restore Solution

I banged my head a bit on this one.  The low privilege shell was quick but the privilege escalation had me twisting for a while.  This box is definitely a mixture of standard exploitation with a CTF twist.  CTF is not really my thing but I enjoyed this box.  It was clever and there were some components to it that are truer to life than some of the boxes that don't seem to have a purpose other than being a target.  

Read more: Vulnhub Bob: 1.0.1 Walkthrough

In the realm of vulnerable boxes, I prefer the more realistic situations rather than the style that leans toward capture the flag.  I get it.  When a person creates a vulnerable machine, it takes time and creativity and for that, I tip my hat to you.  Thank you for creating boxes!  All of you!  This one, however, leans toward the CTF style -- fortunately, it's not difficult and I rooted it quickly.  It was clever, I got to play around with a new application, and when I'm done with this post, I'm going back for a manual exploit on the same vuln.  

Read more: Vulnhub Dina: 1.0.1 Walkthrough