The description states: "Welcome to 'My Tomcat Host'.  This boot to root VM is designed for testing your basic enumeration skills and concepts."

    This is definitely a beginner box but as always, if you haven't played with the technology, it's new and could therefore be confusing. What I like about this box is that it sticks with the theme. 

    We kick off with Nmap:


    "Microsoft Compiled HTML Help is a Microsoft proprietary online help format, consisting of a collection of HTML pages, an index and other navigation tools. The files are compressed and deployed in a binary format with the extension.CHM, for Compiled HTML. The format is often used for software documentation."

    I'm working on something and I had the idea of infecting a CHM document.  Turns out, you can extract the contents using 7zip.  With the help of the Microsoft HTML Help Workshop, we can modify the contents with our malicious code and recompile it back together. 


    The description states:  "This VM is made for playing with privileges. As its name, this box is specially made for learning and sharpening Linux Privilege Escalation skills. There are number of ways to playing with the privileges." 

    Seems like there were a number of options but I think I took the most direct.  When I scanned with the long version of Nmap, it showed a long time for completion.  I kick off with the short form:


    One of the reasons why I like HTB is the fact that they have current operating systems.  Let me restate that -- current Windows operating systems.  I have to be well-rounded but 75% of my work is with Windows and Windows applications.  In the world of capture the flag, the majority of systems are Linux.

    As you can guess, Sniper is a Windows box and it's a wicked ride.  I learned quite a few things along the way and I went down a legitimate rabbit hole because I wanted to learn more about a particular aspect of the compromise.  I'll get to that in a minute.  Moving on, we kick off with Nmap:


    [UPDATED]

    The description states:  "Debian 10 64 bit machine . This is a simple box. No advanced stuff , just some fun… can you find the trail to root?

    I'm not into boxes that I have to brute force my way in.  The box states "simple" but I would add not beginner.  It's not hard but a beginner might get stuck.  It almost feels like something broke when the box was pushed up because it just doesn't feel right.  The picture on Vulnhub shows the Forbidden page on the web and that is completely useful to us.  I don't want to get to far ahead and this one goes quick so here goes...


    Page 9 of 58

    © 2020 sevenlayers.com