Articles by year

2023

Cereal 1 - VulnHub

Difficulty: Medium… This is simply a learning step which everyone at some point crosses. This box is probably hard though – it’s certainly not for beginners. I hope you learn something new. Take your time. Have patience. And take time to learn about the environment once you pop the initial shell.

Hacker Kid - VulnHub

Difficulty: Easy/Medium (Intermediate). This box is OSCP style and focused on enumeration with easy exploitation. The goal is to get root. No guessing or heavy bruteforce is required and proper hints are given at each step to move ahead.

Awkward - HackTheBox

Difficulty: Medium… The machine presents several technical challenges, including web application enumeration, exploiting an SSRF vulnerability, obtaining credentials and privilege escalation. Overall, ‘Awkward’ is a challenging machine that requires a combination of enumeration, research, scripting and exploitation skills to complete successfully.

Squashed - HackTheBox

Easy-level machine, a quite interesting machine that is actually realistic. Squashed abuses a couple of NFS shares in a nice introduction to NFS.

Tr0ll 1 - VulnHub

Tr0ll was inspired by the constant trolling of the machines within the OSCP labs. The goal is simple, gain root and get Proof.txt from the /root directory. Not for the easily frustrated! Fair warning, there be trolls ahead!

Presidential 1 - VulnHub

Your goal is to see if you can gain root access to the server – the state is still developing their registration website but has asked you to test their server security before the website and registration system are launched.

Blog - TryHackMe

Billy Joel made a blog on his home computer and has started working on it. It’s going to be so awesome! Enumerate this box and find the 2 flags that are hiding on it! Billy has some weird things going on his laptop. Can you maneuver around and get what you need? Or will you fall down the rabbit hole…

Symfonos 3 - VulnHub

Intermediate real life based machine designed to test your skill at enumeration. If you get stuck remember to try different wordlists, avoid rabbit holes and enumerate everything thoroughly. SHOULD work for both VMware and Virtualbox.

BlackMarket - VulnHub

BlackMarket VM presented at Brisbane SecTalks BNE0x1B (28th Session), which is focused on students and other InfoSec professionals. This VM has a total of 6 flags and one r00t flag. Each flag leads to another flag and the flag format is flag{blahblah}. Difficulty: Beginner/Intermediate

Corrosion 1 - VulnHub

The goal of this capture the flag is to gain root access to the target machine. The difficulty level is marked as easy. As a hint, it is mentioned that enumerating properly is the key to solving this CTF. Prerequisites would be knowledge of Linux commands and the ability to run some basic pentesting tools.

Jason - TryHackMe

We are Horror LLC, we specialize in horror, but one of the scarier aspects of our company is our front-end webserver. We can’t launch our site in its current state and our level of concern regarding our cybersecurity is growing exponentially. We ask that you perform a thorough penetration test and try to compromise the root account. There are no rules for this engagement. Good luck!

Team - TryHackMe

A beginner friendly box that teaches the importance of doing your enumeration well. It starts off by finding a virtual host (vhost) that leads you to a dead end (a bootstrap themed webpage).

Cheesey CheeseyJack - VulnHub

Cheeseyjack aims to be an easy to medium level real-world-like box. Everything on this box is designed to make sense, and possibly teach you something. Enumeration will be key when attacking this machine. Hint: A cewl tool can help you get past a login page.

2022

Symfonos:1 - VulnHub

Beginner real life based machine designed to teach an interesting way of obtaining a low priv shell. SHOULD work for both VMware and Virtualbox. - Name: symfonos: 1 - Difficulty: Beginner - Tested: VMware Workstation 15 Pro & VirtualBox 6.0 - DHCP Enabled

ICA 1 - VulnHub

According to information from our intelligence network, ICA is working on a secret project. We need to find out what the project is. Once you have the access information, send them to us. We will place a backdoor to access the system later. You just focus on what the project is. You will probably have to go through several layers of security. The Agency has full confidence that you will successfully complete this mission. Good Luck, Agent!

Durian:1 - VulnHub

Difficulty: Hard. Tested: VMware Workstation 15.x Pro (this works better with VMware rather than VirtualBox). Goal: Get the root shell, i.e. (root@localhost:~#), and then obtain the flag under /root.

Wonderland - TryHackMe

This was an easy Linux machine that involved performing content discovery against a web application to identify the SSH password of a user to obtain initial access and exploiting various vulnerable Linux binaries to escalate privileges to root.

Ignite - TryHackMe

Ignite is an easy machine in TryHackMe in which we’ll use basic enumeration, learn more about FUEL CMS and how to explore it to gain access to the server.

Brute It - TryHackMe

Brute It is a beginner-friendly challenge by TryHackMe. It is separated into three tasks: reconnaissance, getting a shell, and privilege escalation, with questions along the way to guide you throughout the engagement. It is a bit more hand-holding but was a fun challenge nonetheless. This box requires you to brute force, crack hashes, and escalate privileges to root.

StartUp - TryHackMe

Startup is a boot2root challenge available on TryHackMe. This is an easy level box which includes compromising a web server by uploading our web shell via FTP and then exploiting a cronjob to get the root shell.

Simple CTF - TryHackMe

Simple CTF is just that, a beginner-level CTF on TryHackMe that showcases a few of the necessary skills needed for all CTFs to include scanning and enumeration, research, exploitation, and privilege escalation.

Mr Robot CTF - TryHackMe

Mr. Robot CTF is a Mr. Robot-themed room on TryHackMe. It involves basic recon and it will give you a start on WordPress vulnerabilities if you are new to Web exploitation (WordPress Vulnerability → Reverse Shell).

OverPass - TryHackMe

TryHackMe’s Overpass room is an easy-level room involving a cookie authentication bypass, John the Ripper, crontabs, and hosts editing to go from an nmap scan to root access on a target machine.

Bounty Hacker - TryHackMe

TryHackMe’s Bounty Hacker room is an easy room that involves FTP, bruteforcing, SSH, and privilege escalation to go from a scan to root.
