The description states:  "This boot to root VM is designed for testing your pentesting skills and concepts. It consists of some well known things but it encourages you to use the functionalities rather than vulnerabilities of target."

    I believe this is the same author as the Tomcat server I just wrote up this week.  Again, there's a certain style as to how the author builds boxes and I like it.  The point here is that finding mistakes and abusing functionality is very common versus say a zero day or a publicly known exploit, in my opinion. 

    We kick off with Nmap:

    One of the reasons why I like HTB is the fact that they have current operating systems.  Let me restate that -- current Windows operating systems.  I have to be well-rounded but 75% of my work is with Windows and Windows applications.  In the world of capture the flag, the majority of systems are Linux.

    As you can guess, Sniper is a Windows box and it's a wicked ride.  I learned quite a few things along the way and I went down a legitimate rabbit hole because I wanted to learn more about a particular aspect of the compromise.  I'll get to that in a minute.  Moving on, we kick off with Nmap:

    The description states: "Welcome to 'My Tomcat Host'.  This boot to root VM is designed for testing your basic enumeration skills and concepts."

    This is definitely a beginner box but as always, if you haven't played with the technology, it's new and could therefore be confusing. What I like about this box is that it sticks with the theme. 

    We kick off with Nmap:

    "Microsoft Compiled HTML Help is a Microsoft proprietary online help format, consisting of a collection of HTML pages, an index and other navigation tools. The files are compressed and deployed in a binary format with the extension .CHM, for Compiled HTML. The format is often used for software documentation."

    I'm working on something and I had the idea of infecting a CHM document.  Turns out, you can extract the contents using 7zip.  With the help of the Microsoft HTML Help Workshop, we can modify the contents with our malicious code and recompile it back together. 

    The description states:  "This VM is made for playing with privileges. As its name, this box is specially made for learning and sharpening Linux Privilege Escalation skills. There are number of ways to playing with the privileges." 

    Seems like there were a number of options but I think I took the most direct.  When I scanned with the long version of Nmap, it showed a long time for completion.  I kick off with the short form:

    © 2020