Zico2 Walkthrough

Here we go. Walkthrough for Zico2 is happening in 3….2….1. ****Spoiler Alert**** ****Spoiler Alert**** For me this was a sleeper of a CTF. I had the box right up to a low privilege shell in a matter of minutes, but popping a shell and escalating from there took much longer than I anticipated. It was a very informative and fun VM. Let’s get to crack’n! Initial Nmap shows HTTP, SSH, & RPC:

Continue reading

After completing Bulldog-2 I had to take a shot at the original Bulldog-1. How did it fare to the sequel? Let’s find out! ****Spoiler Alert**** ****Spoiler Alert**** Ennumeration of this box initially showed some interesting things to keep in mind: The first as seen above is that well-known services (like SSH), will not always show up on their associated port, and can be assigned at the admin’s whimsy. Although that doesn’t mean it’s any less detectable.

Continue reading

Bulldog2 Walkthrough

This is a walkthrough of the CTF machine “Bulldog2” on Vulnhub. For me this was a challenging VM to beat! I like one’s like these because they challenge me while still being enjoyable. ****Spoiler Alert**** ****Spoiler Alert**** So after initial bootup we grab the IP and perform the obligatory nmap scan: Looks like slim pickings with a single website. Let’s take a look at Bulldog.social: Nice. Another social media site selling data to vendors.

Continue reading

Toppo Walkthrough

This is a walkthrough of the CTF machine “Toppo” on Vulnhub. It’s an easy machine so I thought that would make a good first post here :) ****Spoiler Alert**** ****Spoiler Alert**** So after an nmap -A we get the following output: A short visit to the site on port 80 reveals a no frills blog, so we run Nikto for some additional information: An admin directory with indexing enabled could be interesting.

Continue reading

Author's picture

The NullCereal Blog

Jake’s Nerdy News and Security Topics

There is a Jake

In us all