Newrouge CTF

Pandora Machine(10.10.11.136) Info: This was an easy machine from HackTheBox, where i first time encountered SNMP. Then we had to exploit PandoraFMS, most interesting part of box, to get further control and PATH hijacking for privilege escaltion. Nothing too fancy still teaches a lot about manual testing. Recon: Starting with port scan, we get two open ports. $ nmap -T4 10.10.11.136 Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-18 21:11 IST Stats: 0:00:26 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan Connect Scan Timing: About 85.17% done; ETC: 21:11 (0:00:05 remaining) Nmap scan report for 10.10.11.136 Host is up (0.50s latency). Not shown: 998 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http $ nmap -A -p22,80 -T4 10.10.11.136 Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-18 21:12 IST Nmap scan report for 10.10.11.136 Host is up (0.38s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (U...

  Unicode Machine(10.10.11.126) Info: This was fun medium linux box where i learned about decompyling python binaries, unicode normalization and bash expansion attack to bypass white spaces filter. It had many things from JWT forging to LFI to command injection. Let's dive in! Recon: Starting with nmap port scan we 2 open ports $ nmap -T4 10.10.11.126 Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-07 21:53 IST Stats: 0:00:36 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan Connect Scan Timing: About 96.10% done; ETC: 21:54 (0:00:02 remaining) Nmap scan report for 10.10.11.126 Host is up (0.41s latency). Not shown: 998 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http $ nmap -A -p22,80 -T4 10.10.11.126 Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-07 21:54 IST PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) 80/tcp open http nginx 1.18.0 (Ubuntu) |_http-server-header:...

Search Machine(10.10.11.129) Info: This was a hard windows box from HackTheBox which focused on windows Active Directory Pentesting, we will to enumerate valid users through kerberos then crack some passwords then find some certs then crack those certs then do privilege escalation by Reading password GMSA account password and reset admin account password through that and get root. This was yet another my faviourte box from htb learned so many things about pentesting Active Directory machines. How kerberosating, Kerberos, bloodhound, impacket and msrpc things work. Looking forward to doing more windows machine. Ps: I did this box after it retired and had access to ippsec video and 0xdf blog and I'm thankful to them for their work so that we can learn new stuffs. Recon: Starting with nmap port scan we get many multiple open ports as expected from windows Active Directory Machines. $ nmap -p- --min-rate 10000 10.10.11.129 Starting Nmap 7.80 ( https://nmap.org ) at 20...