flick II vuln vm with a mobile twist

tl;dr Flick II just got published on Vulnhub! You should try it =) introduction After about a year since Flick I, I have finally managed to get Flick II out to VulnHub. I learned a lot from Flick I and as a result applied it to Flick II. The making of Flick II was also a very different story. If I have to compare it to the first one (which took 3 nights to build start to finish), Flick II took waay longer....

August 21, 2015 · 2 min · Leon Jacobs

beating sokar the vulnhub turns 0b10 challenge

introduction Vulnhub is 0b10 years old. That is binary for 2 :) In order to celebrate this, @_RastaMouse created Sokar. Sokar was used as another writeup competition (the first for 2015), similar to the Persistence challenge from Sep ‘14. From the competition announcement blogpost, the rules of engagement were pretty familiar. Boot the VM, pwn it via the network and find the flag. Of course, modifying the VM in order to help you get the flag (things like single user mode, rescue disks etc) are not allowed and you have to actually be able to prove how you got r00t. Sokar frustrated me. A lot. However, almost all of the challenges and configurations of Sokar were plausible. Most of the vulnerabilities are valid in the sense that it may as well be out there in wild. So, it was a great learning experience once again! Here is my entry for the competition. Enjoy! :) ...

February 21, 2015 · 31 min · Leon Jacobs

hoof to root solving pegasus 1

introduction Pegasus 1 is a boot2root hosted on VulnHub built by @TheKnapsy. He wrote a blogpost about it too containing a small introduction with Pegasus as his first boot2root (hoof2root? ;p). Having recently played in the Offsec Playground a little after having completed my OSCP, I was relatively exhausted. Pegasus had its fair share of frustrations and had me digging around quite a bit. I did however learn a very valuable lesson… again. You will see this in the my_first section. Like many other write ups I do, I will also recommend you try this one first before you read on. For me, Pegasus was definitely slightly more difficult than the usual VulnHub stuff you would see, but part of that may just as well be due to fatigue and that year end holiday mode ;p. However, that should not discourage you to give it a bash anyways! Lets begin. ...

December 23, 2014 · 21 min · Leon Jacobs

solving kvasir netcat edition

introduction Kvasir, a boot2root by @_RastaMouse has to be one of my most favorite boot2roots to date, if not the most favorite. Favorite however does not mean it was easy. It also proved to be one of the most challenging ones I have had the chance to try! Kvasir is extremely well polished, and it can be seen throughout the VM that @_RastaMouse has gone through a lot of effort to make every challenge as rewarding as possible. From exploiting simple web based vulnerabilities to service misconfigurations, traffic sniffing, steganography, forensics and cryptopraphy, Kvasir has it all! Solving it also had me make really heavy use of good old netcat. This writeup details the path I took to read the final flag :) ...

November 9, 2014 · 43 min · Leon Jacobs

knock-knock who’s there? solving knock knock

introduction Knock-Knock is a vulnerable boot2root VM by @zer0w1re and sure as heck was packed with interesting twists and things to learn! I figured I’d just have a quick look™, and midnight that evening ended up with root privileges :D As always, if you have not done this VM yet, this post is a massive spoiler and I would highly recommend you close up here and try it first :) This is my experience ‘knocking’ on the door. ...

October 14, 2014 · 30 min · Leon Jacobs

another troll tamed solving troll 2

foreword Tr0ll2 is a successor in a boot2root series by @Maleus21 hosted over at VulnHub. Having been able to pwn Tr0ll1, I gave this one a shot too. Here is my experience taming the troll, again. ...

October 10, 2014 · 16 min · Leon Jacobs

From Persistence

persist we must! Persistence! A new boot2root hosted @VulnHub, authored by @superkojiman and sagi- definitely got the attention from the community it deserves! Persistence was actually part of a writeup competition launched on September the 7th, and ran up until October th 5th. This is my experience while trying to complete the challenge. Persistence, once again, challenged me to learn about things that would normally have me just go “meh, next”. As expected, this post is also a very big spoiler if you have not completed it yourself yet, so be warned! ...

September 18, 2014 · 33 min · Leon Jacobs

taming the troll

foreword Having recently started the road to OSCP, @Maleus21 released Tr0ll on @VulnHub. I figured since the description was Difficulty: Beginner ; Type: boot2root, I could give it a smash in a evening as a bit of distraction. ...

August 15, 2014 · 8 min · Leon Jacobs

Beating Xerxes2

foreword Xerxes2 is a successor in a boot2root series by @barrebas hosted by @VulnHub. If you haven’t done it yet, close this article now and go learn by doing it! Xerxes2, like most other boot2root type CTF’s, has once again forced me to learn a whole lot more than I thought possible. In total it took me about 3 or 4 days on and off to complete. The goal was as usual, read /root/flag.txt. This is the path I took to read the flag and gain root command execution. Enjoy! ...

August 9, 2014 · 28 min · Leon Jacobs

flick can you find the flag?

TL;DR I made a CTF! You should try it! Find it on Vulnhub foreword So, security CTF’s are fun. A lot of fun. And can be one heck of a time sink! Checking my laptops time and realizing its 3am on a week night is normal when I get pulled into one. The frustration, the trolls, the tremendous amounts of learning is all part of the experience of a successful CTF in my opinion. ...

August 7, 2014 · 2 min · Leon Jacobs