I’ve decided to start a series of blog posts with write ups from Vuln Hub to keep my skills up to date, and learn more offensive techniques.
The first step was to use nmap which revealed the presence of various open ports and in particular port 80 (HTTP).
nmap -sS -T5 192.168.74.134
Nmap scan report for 192.168.74.134
Host is up (0.00018s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
631/tcp open ipp
3306/tcp open mysql
The other week me and a team from Abertay University went to Edinburgh for a CTF hosted by SIGINT. The CTF was a jeopardy style CTF with various categories of challenges such as Binary Exploitation, Reverse Engineering, Web Challenges and more. Unfortunately as there was a team limit of four, I was unable to join the team from my university and was placed with another team.
I decided I’d post a blog post on some of the challenges I undertook, and how I solved them. I have not included answers to the trivia and other simpler challenges which we solved as a team. This blog post address’s one of the web challenges and the RBS bank safe challenge that I completed. (more…)