Kioptrix level 1

So today we will be doing the first machine of the Kioptrix series which can be found on vulnhub. The challange says “EMail” so I guess the flag is in the email of one of the user accounts. So to start of we run the netdiscover -r 192.168.0.0/24 command to …

Pwnlab-Init

The next machine on the list is Pwnlab-init which can be downloaded here: https://www.vulnhub.com/entry/pwnlab-init,158/ To find the IP adress of the machine we used netdiscover on our local network. The machine should be on the 130 address. Lets start an normal nmap scan and a full nmap scan. Lets have …

Mrrobot

Today we are doing the next box listed in the OSCP prep guide given from school. The machine is called Mrrobot, with a reference to the hacker series Mrrobot. A good one to watch! The machine can be downloaded on vulnhub at https://www.vulnhub.com/entry/mr-robot-1,151/ To find the machine on the network …

Stapler

Stapler is also a vulnerable machine which can de found on vulnhub. https://www.vulnhub.com/entry/stapler-1,150/ To start of the machine I had to use nmap again, since netdiscover didn’t found any IP adresses. There probably is something wrong with netdiscover on my kali machine. The nmap results are quite large, lets have …

SickOS 2

SickOS 2 is also a vulnerable machine from vulnhub and can be downloaded here: https://www.vulnhub.com/entry/sickos-12,144/ To start of the machine I had to use NMAP again to get its IP address since netdiscover didn’t found the machine. First we run NMAP to see what ports are open: So we got …

SickOS 1

SickOS is a vulnerable machine which can be found on: https://www.vulnhub.com/entry/sickos-11,132/ For some reason I couldn’t find the machine with the netdiscover tool. No idea why, but nmapping the whole NAT network worked. So lets use nmap for the whole machine. We use the -sV parameter to get the version …

Leviathan1

Challange: There is no information for this level, intentionally. Seems like we don’t get any information for any challenge. Just like the last one we can SSH into the server with the credentials we got from the last challenge. Command: $ssh leviathan1@leviathan.labs.overthewire.org -p 2223 Lets have a look to see …

Leviathan level 0

Challange:There is no information for this level, intentionally. Okay, no information. I should ssh to the server, it has been a while that I had used ssh. Didn’t do any challenges for a while and started this week again. We can ssh into level 0 with the following command: ssh …

Natas20

Challange:After logging in we see the same message as a couple challanges ago: You are logged in as a regular user. Login as an admin to retrieve credentials for natas21. After having a look at the sourcecode I could not find something special. Lets input some names. The value of …

Natas19

Challange:After logging in we are greeted with the following message: This page uses mostly the same code as the previous level, but session IDs are no longer sequential… So lets check what the PHPSESSID value is now. This can be done by going to your cookies in your browser, Press …