Cybersecurity Solutions and Support Services

    This box is described as "Intermediate" and the description states:  "Get the root shell i.e.(root@localhost:~#) and then obtain flag under /root)."

    I'll admit, I'm getting a little worn out on the multiple web serving troll ports.  It's basically the same box recycled with a different twist.  That being said, the privilege escalation was excellent.  There are multiple entrances for a low privilege shell and I cover two. 

    I believe this is the same author as Sumo.  The box states that it's "Beginner to Intermediate", the object is:  "Get the root shell i.e.(root@localhost:~#) and then obtain flag under /root)." and I'm glad I went back to read that because you don't need to elevate root to get the flag.  It also states:  "Warning: Be careful with "rabbit hole" -- not really sure exactly about that part.  Anyway, fun box so let's jump into it:

    "Burp Suite is a leading range of cybersecurity tools, brought to you by PortSwigger. It's the #1 tool suite for penetration testers and bug bounty hunters."

    When I write my posts, I like to use free tools because most of the free stuff is pretty awesome.  That being said, of the pay products, it's really hard to go wrong with Burp Suite Pro.  I think with the exception of some throttling, the pro version and free version are similar but at $400, it's not an expensive product for a business. 

    The description states that the box is "Beginner" and "Get the root shell i.e.(root@localhost:~#) and then obtain flag under /root)."  I don't want to put too much information up front but if you haven't been hacking for long, this is a blast from the past with a neat entry. 

    We kick off with Nmap:

    So I found this new CTF hacking site, TryHackMe.  At first glance, it seems like a tamer version of HackTheBox.  I took a quick look around, hacked the first box, and now I'm paying the $10/month for my subscription because it was a good experience and I want to encourage them to grow this with my piddly $10.  The first box on the list is Tomghost so you sort of know where this is headed based on the Ghostcat logo.  If not, I don't go into detail because I just wrote about Ghostcat so you can get my full thoughts from that post.

    The description states:  "Identify recent vulnerabilities to try exploit the system or read files that you should not have access to."  So it's generic but we'll just do our normal routine.  Kicking off with Nmap:

    Page 8 of 61

    © 2020