sobota, 18 maja 2019

Quick review of my CTFs

Below you will find a quick summary for the CTF games I described on the blog.
CTF game can be a good (source of) an example(s) of environment (or 'scenario') you can find during some pentests. Because sometimes you will use 'similar' technique or tool - I decided to create a small summary for the CTF games described on the blog. Below you will find the table with the games, tools and links to particular cases/VMs. Maybe you will find it useful...


 Date            CTF              Tags
29.03.2019 - Born2Root - portscan, webshell, privesc
28.03.2019 - FourAndSix:2 - portscan, showmount, post enumeration, zip password cracking, ssh key reuse, suids, privesc
28.03.2019 - FourAndSix:1 - portscan, showmount, post enumeration, binwalk, privesc
25.03.2019 - Stack Overflows for Beginners - gdb, IDA Pro, suids, binary, privesc, msfvenom
25.03.2019 - RootThis - content discovery, post enumeration, zip password cracking, webshell, drupal, privesc 
23.03.2019 - LazySysAdmin - portscan, content discovery, smb, post enumeration, privesc 
13.03.2019 - DC1:1 -   drupal, webshell, suids, privesc
12.03.2019 - Temple Of Doom - portscan, nodejs, revshell, post enumeration, privesc 
10.03.2019 - MinU:1 - portscan, content discovery, lfi, webshell, jwt cracking, privesc
08.03.2019 - Fowsniff - info leak, password cracking, post enumeration, privesc
07.03.2019 - HackDay Albania - portscan, content discovery, sql injection, webshell, suids, privesc 
03.03.2019 - SolidState - portscan, content discovery, apache james, post enumeration, suids, privesc 

24.02.2018 - Zico2 - lfi, content discovery, info leak, sql injection, webshell, msfvenom, suids, privesc     
17.02.2019 - Sleepy - porstscan, jwdp, apache jserv, tomcat, jdb, post enumeration, info leak, msfvenom, webshell, suids, binary, privesc
09.01.2019 - Jarbas - portscan, jetty, jenkins, content discovery, revshell, webshell, cron, privesc

09.01.2019 - DerpNStink -    portscan, content discovery, wordpress, webshell, post enumeration, hash cracking, ssh key reuse, suids, tcpdump, privesc
08.01.2019 - Depth - portscan, content discovery, webshell, revshell, privesc     
07.01.2019 - Simple - content discovery, cutenews, revshell, msfvenom, privesc 
30.12.2018 - Typhoon - portscan, content discovery, phpmyadmin, webshell, post enumeration, redis, privesc   
29.12.2018 - Sedna -   portscan, content discovery, builderengine, webshell, post enumeration, suids, privesc, chkrootkit
28.12.2018 - Command Injection - portscan, content discovery, zenoss, webshell, splunk, revshell
21.11.2018 - Matrix - web developer tools, portscan, content discovery, ssh enum, privesc, suids
06.11.2018 - Freshly -   sql injection, wordpress, webshell, msfvenom, post enumeration, phpmyadmin, privesc   
30.09.2018 - Node:1 -   portscan, node.js, api, hash cracking, post enumeration, mongodb, privesc, zip password cracking, privesc
14.08.2018 - PwnLab: init - portscan, content discovery, lfi, post enumeration, webshell, revshell, binary, suids, privesc   
17.07.2018 - in.security -   portscan, rpc, showmount, privesc, password cracking   
17.07.2018 - Zorz - upload bypass, webshell   
17.08.2018 - Quaoar - portscan, content discovery, wordpress, webshell, privesc   
07.07.2018 - Nineveh - portscan, content discovery, webshell, web-post password cracking, sql injection, revshell, post enumeration, ssh key reuse, chkrootkit, suids, privesc
26.06.2018 - Csharp: VulnJson -   portscan, content discovery, binary, sql injection,web, pentest, ctf, writeup    
25.06.2018 - billu b0x - content discovery, portscan, post enumeration, phpmyadmin, privesc, web, pentest, ctf, writeup     
29.04.2018 - OwlNext - portscan, content discovery, revshell, post enumeration, binary, privesc, web, pentest, RE, writeup, ctf 
08.03.2018 - Kevgir - portscan, content discovery, joomla, jenkins, phpmyadmin, info leak, lfi, webshell, revshell, suids, privesc,  pentest, ctf, writeup    
07.03.2018 - Mr.Robot -   portscan, content discovery, wordpress, post enumeration, webshell, revshell, privesc, pentest, ctf, writeup
05.03.2018 - Dina -   content discovery, post enumeration, zip password cracking, webshell, privesc, pentest, ctf, writeup    
04.03.2018 - Gibson -   portscan, content discovery, suids, privesc, binwalk, zip password cracking, pentest, ctf, writeup    
03.03.2018 - Droopy -   drupal, content discovery, webshell, revshell, post enumeration, truecrack, privesc,  pentest, ctf, writeup
01.03.2018 - DC416 -   content discovery, webshell, info leak, pentest, ctf, writeup    
27.01.2018 - Brainpan2 - portscan, content discovery, suids, privesc, binary, pentest, ctf, writeup    
26.01.2018 - Pegasus - content discovery, revshell, post enumeration, suids, privesc, pentest, ctf, writeup    
23.01.2018 - Bulldog - content discovery, webshell, hash password cracking, revshell, suids, privesc, pentest, ctf, writeup    
22.01.2018
- SkyTower -   portscan, sql injection, content discovery, info leak, webshell, proxychains, privesc, pentest, ctf, writeup
23.10.2017 - Protostar
([1, 23, 4, 5]) -   binary, suids, privesc, binary, RE, ctf, pentest
27.05.2017 - Offline CTFs -   binary, suids, privesc, binary, RE, ctf, pentest    
13.01.2017 - Kvasir - portscan, content discovery,  revshell, pivot, web, privesc, pentest, web, writeup, ctf    
16.09.2016 - Tr0ll - portscan, content discovery,  revshell, web, privesc, ctf, pentest, web    
13.09.2016 - NullByte -   portscan, content discovery,  revshell, web, privesc, ctf, pentest, web    
11.09.2016 - 6days Labs -   portscan, content discovery,  revshell, web, privesc, ctf, pentest, web    
09.09.2016 - Lord of the Root -   portscan, content discovery,  revshell, web, privesc, ctf, pentest, web    
05.09.2016 - Bitbot - portscan, content discovery,  revshell, web, privesc, ctf, pentest, web     

16.08.2016 - Axis2 - portscan, content discovery,  revshell, web, privesc, ctf, pentest, web    
23.05.2016 - Smash the Tux -   portscan, content discovery,  revshell, web, privesc, ctf, pentest, web    
22.05.2016 - Seattle - portscan, content discovery,  revshell, web, privesc, ctf, pentest, web    
21.05.2016 - Pentesters Lab -   portscan, content discovery,  revshell, web, privesc, ctf, pentest, web    


(I'll try to update the list and taglinks as soon as possible... :))


In case of any questions - feel free to ask me.

Hope you enjoy it.

Cheers




Brak komentarzy:

Prześlij komentarz