VulnHub Momentum 2 is a medium-level boot2root CTF challenge in which you have to review some code very thoroughly and exploit an unrestricted file upload vulnerability in order to gain access.
Let’s begin by finding the IP of the VM. I used Nmap for this purpose.
VulnHub BlueMoon (https://www.vulnhub.com/entry/bluemoon-2021,679/) is an easy-level boot2root CTF challenge in which you have to grab 3 flags on your way towards root. Let us begin by finding the IP of the box.
Nmap was used to find the IP of the BlueMoon VM as follows.
Security professionals use reverse engineering for static malware analysis in order to extract useful information about the malware from the time of its creation, such as metadata, embedded resources, encryption keys, headers, etc. Many tools are used to reverse engineer malware, such as disassemblers, debuggers, PE viewers and network analyzers.
This article is a write-up on TryHackMe’s Basic Malware RE room (https://tryhackme.com/room/basicmalwarere) where you have to reverse engineer some sample malware and capture the flags.
This article is based on exploiting a simple buffer overflow in Windows using Vulnserver. If you are not familiar with buffer overflows, read my previous article about exploiting a Linux buffer overflow here: https://ravi5hanka.medium.com/privilege-escalation-in-linux-via-a-local-buffer-overflow-dcee4f9b4a49
On the victim machine, install Immunity Debugger and extract the contents of the Vulnserver zip. Then run Vulnserver.exe as administrator.
VulnHub FristiLeaks (https://www.vulnhub.com/entry/fristileaks-13,133/) is a boot2root CTF challenge in which you have to exploit an unrestricted file upload vulnerability and apply some decoding skills on the way towards obtaining the root flag.
After downloading the VM from VulnHub, ensure that the network is set to bridged mode. If you are using VMware, you need to assign the given MAC address (08:00:27:A5:A6:76) manually in the network settings. If everything is set correctly, you will be able to see the machine's IP address on the screen as follows.
Spectra is a boot2root CTF challenge which tests your skills in exploiting user mistakes, WordPress exploitation and basic privilege escalation.
First of all, fire up your pentesting machine and connect to the HackTheBox network via OpenVPN. Let us begin with the traditional Nmap scan.