Offensive Security Lab - II - Virtual Machines Deployment

Introduction
With the network infrastructure already defined in OPNsense in the previous article, the next step consists of preparing the virtual machines that will form part of the CTF lab. From this point on, each VM must be correctly integrated into the DMZ and internal networks, respecting the previously established segmentation.
Installation of the virtual machines
We will install two Debian Linux virtual machines in VirtualBox with the smallest possible set of tools, since the necessary ones will be installed later. To speed up the installation, the network installer version of Debian can be used. The requirements for each machine are 2 CPU cores, 2 GB of RAM and 8 GB of storage. ...

October 1, 2025 · 7 min

Hack The Box: Puppy

Description
Puppy is a medium Hack The Box machine that features:
- Initial access using an assumed breach scenario that leads to the discovery of an SMB share
- Access to the SMB share by adding the user to a group
- Recovery of a KeePass database from the SMB share, and of its password, for user pivoting
- The user has GenericAll permission over a disabled Remote Management user
- Enabling the previously disabled account to obtain console access to the system
- User Pivoting by using credentials found in a backup file
- Privilege Escalation via saved credentials in a DPAPI-encrypted file
Footprinting
First, we are going to check with the ping command whether the machine is active and identify its operating system. The target machine IP address is 10.129.152.233. ...

September 27, 2025 · 12 min

Hack The Box: Fluffy

Description
Fluffy is an easy Hack The Box machine that features:
- Initial access using an assumed breach scenario that leads to the discovery of an SMB server hosting a vulnerability report
- A Windows File Explorer spoofing vulnerability that allows capturing another user's NTLM hash, followed by cracking of that hash
- A user belonging to a group that has GenericAll permission over another group, which in turn has GenericWrite permissions over service accounts
- One of the service accounts has remote console access to the system and another is the Certification Authority account
- Privilege Escalation via the ESC16 vulnerability in the certificate templates, allowing authentication as the Administrator user
Footprinting
First, we are going to check with the ping command whether the machine is active and identify its operating system. The target machine IP address is 10.129.130.70. ...

September 20, 2025 · 12 min

Hack The Box: Planning

Description
Planning is an easy Hack The Box machine that features:
- Subdomain Enumeration
- Grafana authenticated RCE with the given credentials
- User Pivoting via leaked credentials in a Docker container's environment variables
- Privilege Escalation via the crontab-ui web application and a stored password
Footprinting
First, we are going to check with the ping command whether the machine is active and identify its operating system. The target machine IP address is 10.129.142.49.
$ ping -c 3 10.129.142.49
PING 10.129.142.49 (10.129.142.49) 56(84) bytes of data.
64 bytes from 10.129.142.49: icmp_seq=1 ttl=63 time=77.4 ms
64 bytes from 10.129.142.49: icmp_seq=2 ttl=63 time=50.9 ms
64 bytes from 10.129.142.49: icmp_seq=3 ttl=63 time=82.6 ms
--- 10.129.142.49 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 50.914/70.309/82.646/13.882 ms
The machine is active, and since the TTL equals 63 (64 minus 1 hop) we can conclude that it is a Unix machine. Now we are going to run an Nmap TCP SYN port scan to check all open ports. ...

September 13, 2025 · 5 min

Hack The Box: Environment

Description
Environment is a medium Hack The Box machine that features:
- A Laravel web application exposing source code in debug mode
- Changing a Laravel environment variable allows an Authentication Bypass
- Insecure File Upload allows Remote Command Execution
- Access to a GPG-encrypted file and keychain by the user running the web server reveals the credentials of a machine user
- Privilege Escalation via a misconfigured sudo policy
Footprinting
First, we are going to check with the ping command whether the machine is active and identify its operating system. The target machine IP address is 10.129.26.20. ...

September 6, 2025 · 8 min

Offensive Security Lab - I - Network Deployment

Introduction
Capture The Flag (CTF) challenges have become one of the most effective methods to learn cybersecurity in a practical way. The possibility of facing realistic challenges in a controlled environment allows students and professionals to experiment with pentesting techniques without risk. In this article, the design of a multi-user CTF-oriented lab is described, built on Oracle VirtualBox and OPNsense, where each participant has an environment completely isolated from the rest. ...

September 1, 2025 · 10 min

Hack The Box: TheFrizz

Description
TheFrizz is a medium Hack The Box machine that features:
- A Local File Inclusion vulnerability in Gibbon LMS allowing reading of application files
- Arbitrary File Write in Gibbon LMS allowing Remote Command Execution
- Cracking of the custom password hash of the Gibbon LMS administrator
- Password Reuse to log in by creating a Kerberos ticket
- Privilege Escalation by abusing the ability to create new Group Policy Objects
Footprinting
First, we are going to check with the ping command whether the machine is active and identify its operating system. The target machine IP address is 10.129.245.150. ...

August 23, 2025 · 10 min

Hack The Box: Nocturnal

Description
Nocturnal is an easy Hack The Box machine that features:
- An Insecure Direct Object Reference in a document upload web application that reveals user credentials
- Source code leakage in the administration dashboard that gives access to the application database
- Credentials in the database and password reuse lead to a Linux user account login
- Privilege Escalation via an ISPConfig PHP Code Injection vulnerability
Footprinting
First, we are going to check with the ping command whether the machine is active and identify its operating system. The target machine IP address is 10.129.127.110. ...

August 16, 2025 · 8 min

Hack The Box: Code

Description
Code is an easy Hack The Box machine that features:
- A Python web application interpreter that allows reading sensitive data
- Password Reuse for the Linux system
- Privilege Escalation via a vulnerable script that allows reading files as the root user
Footprinting
First, we are going to check with the ping command whether the machine is active and identify its operating system. The target machine IP address is 10.129.33.252.
$ ping -c 3 10.129.33.252
PING 10.129.33.252 (10.129.33.252) 56(84) bytes of data.
64 bytes from 10.129.33.252: icmp_seq=1 ttl=63 time=46.4 ms
64 bytes from 10.129.33.252: icmp_seq=2 ttl=63 time=47.2 ms
64 bytes from 10.129.33.252: icmp_seq=3 ttl=63 time=46.7 ms
--- 10.129.33.252 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 46.376/46.769/47.205/0.339 ms
The machine is active, and since the TTL equals 63 (64 minus 1 hop) we can conclude that it is a Unix machine. Now we are going to run an Nmap TCP SYN port scan to check all open ports. ...

August 2, 2025 · 6 min

Decoding of FSK signal with SDR and Flipper Zero

Introduction
Frequency Shift Keying (FSK) is a digital modulation technique in which binary information is transmitted by varying the frequency of a carrier between two or more discrete values. In its simplest form, 2-FSK, a 0 bit is represented by one specific frequency (f0) and a 1 bit by another (f1). This technique is widely used in low-speed wireless communications, such as remote controls, telemetry systems, RFID, and IoT devices. ...

August 1, 2025 · 6 min