Below you will find a quick summary for the CTF games I described on the blog.
CTF game can be a good (source of) an example(s) of environment (or 'scenario') you can find during some pentests. Because sometimes you will use 'similar' technique or tool - I decided to create a small summary for the CTF games described on the blog. Below you will find the table with the games, tools and links to particular cases/VMs. Maybe you will find it useful...
Date CTF Tags
29.03.2019 - Born2Root - portscan, webshell, privesc
28.03.2019 - FourAndSix:2 - portscan, showmount, post enumeration, zip password cracking, ssh key reuse, suids, privesc
28.03.2019 - FourAndSix:1 - portscan, showmount, post enumeration, binwalk, privesc
25.03.2019 - Stack Overflows for Beginners - gdb, IDA Pro, suids, binary, privesc, msfvenom
25.03.2019 - RootThis - content discovery, post enumeration, zip password cracking, webshell, drupal, privesc
23.03.2019 - LazySysAdmin - portscan, content discovery, smb, post enumeration, privesc
13.03.2019 - DC1:1 - drupal, webshell, suids, privesc
12.03.2019 - Temple Of Doom - portscan, nodejs, revshell, post enumeration, privesc
10.03.2019 - MinU:1 - portscan, content discovery, lfi, webshell, jwt cracking, privesc
08.03.2019 - Fowsniff - info leak, password cracking, post enumeration, privesc
07.03.2019 - HackDay Albania - portscan, content discovery, sql injection, webshell, suids, privesc
03.03.2019 - SolidState - portscan, content discovery, apache james, post enumeration, suids, privesc
24.02.2018 - Zico2 - lfi, content discovery, info leak, sql injection, webshell, msfvenom, suids, privesc
17.02.2019 - Sleepy - porstscan, jwdp, apache jserv, tomcat, jdb, post enumeration, info leak, msfvenom, webshell, suids, binary, privesc
09.01.2019 - Jarbas - portscan, jetty, jenkins, content discovery, revshell, webshell, cron, privesc
09.01.2019 - DerpNStink - portscan, content discovery, wordpress, webshell, post enumeration, hash cracking, ssh key reuse, suids, tcpdump, privesc
08.01.2019 - Depth - portscan, content discovery, webshell, revshell, privesc
07.01.2019 - Simple - content discovery, cutenews, revshell, msfvenom, privesc
30.12.2018 - Typhoon - portscan, content discovery, phpmyadmin, webshell, post enumeration, redis, privesc
29.12.2018 - Sedna - portscan, content discovery, builderengine, webshell, post enumeration, suids, privesc, chkrootkit
28.12.2018 - Command Injection - portscan, content discovery, zenoss, webshell, splunk, revshell
21.11.2018 - Matrix - web developer tools, portscan, content discovery, ssh enum, privesc, suids
06.11.2018 - Freshly - sql injection, wordpress, webshell, msfvenom, post enumeration, phpmyadmin, privesc
30.09.2018 - Node:1 - portscan, node.js, api, hash cracking, post enumeration, mongodb, privesc, zip password cracking, privesc
14.08.2018 - PwnLab: init - portscan, content discovery, lfi, post enumeration, webshell, revshell, binary, suids, privesc
17.07.2018 - in.security - portscan, rpc, showmount, privesc, password cracking
17.07.2018 - Zorz - upload bypass, webshell
17.08.2018 - Quaoar - portscan, content discovery, wordpress, webshell, privesc
07.07.2018 - Nineveh - portscan, content discovery, webshell, web-post password cracking, sql injection, revshell, post enumeration, ssh key reuse, chkrootkit, suids, privesc
26.06.2018 - Csharp: VulnJson - portscan, content discovery, binary, sql injection,web, pentest, ctf, writeup
25.06.2018 - billu b0x - content discovery, portscan, post enumeration, phpmyadmin, privesc, web, pentest, ctf, writeup
29.04.2018 - OwlNext - portscan, content discovery, revshell, post enumeration, binary, privesc, web, pentest, RE, writeup, ctf
08.03.2018 - Kevgir - portscan, content discovery, joomla, jenkins, phpmyadmin, info leak, lfi, webshell, revshell, suids, privesc, pentest, ctf, writeup
07.03.2018 - Mr.Robot - portscan, content discovery, wordpress, post enumeration, webshell, revshell, privesc, pentest, ctf, writeup
05.03.2018 - Dina - content discovery, post enumeration, zip password cracking, webshell, privesc, pentest, ctf, writeup
04.03.2018 - Gibson - portscan, content discovery, suids, privesc, binwalk, zip password cracking, pentest, ctf, writeup
03.03.2018 - Droopy - drupal, content discovery, webshell, revshell, post enumeration, truecrack, privesc, pentest, ctf, writeup
01.03.2018 - DC416 - content discovery, webshell, info leak, pentest, ctf, writeup
27.01.2018 - Brainpan2 - portscan, content discovery, suids, privesc, binary, pentest, ctf, writeup
26.01.2018 - Pegasus - content discovery, revshell, post enumeration, suids, privesc, pentest, ctf, writeup
23.01.2018 - Bulldog - content discovery, webshell, hash password cracking, revshell, suids, privesc, pentest, ctf, writeup
22.01.2018 - SkyTower - portscan, sql injection, content discovery, info leak, webshell, proxychains, privesc, pentest, ctf, writeup
23.10.2017 - Protostar ([1, 2, 3, 4, 5]) - binary, suids, privesc, binary, RE, ctf, pentest
27.05.2017 - Offline CTFs - binary, suids, privesc, binary, RE, ctf, pentest
13.01.2017 - Kvasir - portscan, content discovery, revshell, pivot, web, privesc, pentest, web, writeup, ctf
16.09.2016 - Tr0ll - portscan, content discovery, revshell, web, privesc, ctf, pentest, web
13.09.2016 - NullByte - portscan, content discovery, revshell, web, privesc, ctf, pentest, web
11.09.2016 - 6days Labs - portscan, content discovery, revshell, web, privesc, ctf, pentest, web
09.09.2016 - Lord of the Root - portscan, content discovery, revshell, web, privesc, ctf, pentest, web
05.09.2016 - Bitbot - portscan, content discovery, revshell, web, privesc, ctf, pentest, web
16.08.2016 - Axis2 - portscan, content discovery, revshell, web, privesc, ctf, pentest, web
23.05.2016 - Smash the Tux - portscan, content discovery, revshell, web, privesc, ctf, pentest, web
22.05.2016 - Seattle - portscan, content discovery, revshell, web, privesc, ctf, pentest, web
21.05.2016 - Pentesters Lab - portscan, content discovery, revshell, web, privesc, ctf, pentest, web
(I'll try to update the list and taglinks as soon as possible... :))
In case of any questions - feel free to ask me.
Hope you enjoy it.
Cheers
Brak komentarzy:
Prześlij komentarz