Nooff's Cyber Blog

A small VM made for a Dutch informal hacker meetup called Fristileaks. Meant to be broken in a few hours without requiring debuggers, reverse engineering, etc.. Overview FristiLeaks is a basic Linux machine from Vulnhub. It’s a puzzle-styled challenge, testing your technical cybersecurity skills, critical thinking capabilities and endurance. We start by discovering an admin login page on a web server. We find some clues in the source code, that lead us to a pair of credentials. Next, we get a shell by bypassing file upload restrictions. Once inside, we abuse code execution capability of custom binary and decrypt encoded passwords for other users for lateral movement. We get root access by abusing our user’s sudo permissions.

Tr0ll was inspired by the constant trolling of the machines within the OSCP labs. The goal is simple, gain root and get Proof.txt from the /root directory. Not for the easily frustrated! Fair warning, there be trolls ahead! Overview Tr0ll 1 is a beginner Linux machine from Vulnhub. This box plays with several basic cybersecurity concepts, which makes it perfect for OSCP prep. Warning: you might get a bit frustrated :D! We start by enumerating FTP service and analyzing network traffic PCAP file, which leads into a dead end. Next, we enumerate Apache web server, crawling through different directories while getting constantly trolled along the way. Eventually, we find a valid pair of credentials for SSH. Once inside, we discover 2 paths to Root. Either we abuse writable cronjob, which we modify in a way it gives us full privileges, or we exploit outdated Linux kernel version, getting Root shell.

Here we have a vulnerable Linux host with configuration weaknesses rather than purposely vulnerable software versions (well at the time of release anyway!). The goal; boot up, find the IP, hack away and obtain the trophy hidden away in /root by any means you wish. Overview Vulnix is an intermediate Unix-style machine from Vulnhub. This is a very old box, focusing mainly on configuration weaknesses rather than unpatched software vulnerabilities. We start by performing enumeration on multiple running services, like SMTP and NFS. We mount a directory from Vulnix to our machine and replicate the owner user to gain write access. Then we add our RSA public key to the whitelist of allowed hosts and login into the machine via SSH. Once inside, we get access to the NFS configuration file and modify “root_squash” security feature. That allows us to upload the Bash binary to the target machine with the SUID bit set. Running it gives us the root shell and full control over the Vulnix box.

Based on the show, Mr. Robot. This VM has three keys hidden in different locations. Your goal is to find all three. Each key is progressively difficult to find. The VM isn’t too difficult. There isn’t any advanced exploitation or reverse engineering. The level is considered beginner-intermediate. Overview Mr. Robot is a beginner-intermediate Linux machine from Vulnhub. It’s based on the show Mr. Robot and has some cool references to it. We start with enumeration of a Wordpress website. We discover an exposed login page and encoded credentials. Once we get into dashboard, we modify a template and gain remote access. Next, we compromise another user by cracking his hash and getting his password. We discover that Nmap has SUID bit set on the machine, which is very insecure because of Nmap’s functionality. We get 3 flags along the way: 1. on special website page, 2. as user flag and 3. as root flag.