This was a pretty straightforward machine that required minimal alterations to the exploits - once you found them anyway :) Nmap scan shows only a few ports open: > 22/tcp open ssh syn-ack ttl 63 OpenSSH 7.2p2 Ubuntu 4ubuntu2.6 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 e2:1b:88:
Chaos was a bit tricky for me but I learned some things which is always good :) Nmap results: > PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.34 ((Ubuntu)) |_http-server-header: Apache/2.4.34 (Ubuntu) |_http-title: Site doesn't have a title (text/html). 110/tcp open pop3
The first version [https://t3chnocat.com/rubber-ducky-wifi-grabber/] of my Rubber Ducky script to exfil wifi passwords via POST dumped each wifi profile as a XML file then sent the desired fields as a POST request. This works pretty well but with separate POST requests for each wifi profile I found
This was a fun box - I knew what LDAP was but had never really used it so it was cool to learn something. Nmap scan showed: > 22/tcp open ssh OpenSSH 7.4 (protocol 2.0) | ssh-hostkey: | 2048 19:97:59:9a:15:fd:d2:ac:bd:84:73:
In the spirit of giving back to the community, I'm sharing some simple bash scripts I wrote that make life easier and save time whether you are in the OSCP labs, HackTheBox or playing around with CTFs. TL:DR; STFU gimme scripts [https://github.com/t3chnocat/oscp-ctf] Explanations for the