This is a walkthrough of the CTF machine “Gemini2” on Vulnhub. A tough VM, with lots of learning potential!
****Spoiler Alert**** I seem to always be doing these CTFs in reverse order. I’ll be going back to do GeminiV1 after this, but for me this was very challenging and fun. I learned from both a web application and privilege escalation perspective as this one seemed to be very real-world based.
Here we go. Walkthrough for Zico2 is happening in 3….2….1.
****Spoiler Alert**** For me this was a sleeper of a CTF. I had the box right up to a low privilege shell in a matter of minutes, but popping a shell and escalating from there took much longer than I anticipated. It was a very informative and fun VM. Let’s get to crack’n!
Initial Nmap shows HTTP, SSH, & RPC:
After completing Bulldog-2 I had to take a shot at the original Bulldog-1. How did it fare against the sequel? Let’s find out!
****Spoiler Alert**** Enumeration of this box initially showed some interesting things to keep in mind:
The first, as seen above, is that well-known services (like SSH) will not always show up on their associated port and can be assigned at the admin’s whim, although that doesn’t make them any less detectable.
This is a walkthrough of the CTF machine “Bulldog2” on Vulnhub. For me this was a challenging VM to beat! I like ones like these because they challenge me while still being enjoyable.
****Spoiler Alert**** So after initial bootup we grab the IP and perform the obligatory nmap scan:
Looks like slim pickings with a single website. Let’s take a look at Bulldog.social:
Nice. Another social media site selling data to vendors.
This is a walkthrough of the CTF machine “Toppo” on Vulnhub. It’s an easy machine so I thought that would make a good first post here :)
****Spoiler Alert**** So after an nmap -A we get the following output: A short visit to the site on port 80 reveals a no-frills blog, so we run Nikto for some additional information: An admin directory with indexing enabled could be interesting.