rastating.github.io

/dev/random: scream CTF Walkthrough

August 20, 2017

The version of `war-ftpd` that was running seemed to be vulnerable to a buffer overflow (http://www.securityfocus.com/bid/22944/info), but some manual attempts at causing the overflow were unsuccessful; suggesting this may actually be patched or a misidentification.

Continue reading

VulnOS 2 CTF Walkthrough

August 18, 2017

Service DiscoveryA full port scan using masscan (masscan -p 0-65535 10.2.0.104 --rate=500) revealed three open ports: 22, 80 and 6667. Nmap subsequently fingerprinted the services on these ports to be OpenSSH, Apache and ngircd:

Continue reading

Stapler CTF Walkthrough

August 10, 2017

Service DiscoveryRunning a port scan of the top 1000 ports using Nmap (nmap -sS -sV -sC -vv 10.2.0.104) revealed that the machine has a number of different public facing services; one of which Nmap was unable to fingerprint:

Continue reading

Kioptrix Level 4 CTF Walkthrough

August 3, 2017

Service DiscoveryRunning Nmap (nmap -sS -sV -Pn -vv -T4 10.2.0.104) revealed that SSH, Apache and Samba are all running on the host:

Continue reading

Kioptrix Level 3 CTF Walkthrough

August 2, 2017

Exploiting the Web ServerRunning Nmap (nmap -sS -sV -Pn -T4 -vv 192.168.22.131) showed that only two services seemed to be exposed on this machine (SSH and Apache), so I jumped straight in to looking at the web server.

Continue reading
Prev Next