Core dump overflow

Core dump in progress...

My review of Red Team Ops

| Comments

Red Team Ops is a red team course launched by none other than RastaMouse. It was notoriously hard to get a free spot as the labs were full almost of the time since launch. I resorted to checking every day until I found a free seat to pounce on. Without a doubt, I can say it’s been the best training experience I’ve undertaken, and I wanted to leave a more in-depth review. You can find an overview of the course and its syllabus on the official page:

OSCP flash review

| Comments

I’ve finished my OSCP shortly before PWKv2 was released. Since my experience was pre-update, I didn’t want to write a review that might no longer apply. Since then, I’ve purchased the updated course materials, but I haven’t yet gone back to do the newly added machines as well. I decided to write a quick review nonetheless, because I noticed a misconception about what the OSCP is. So I’ll just address those points and not add just another OSCP review for the internet to swallow.

Pond. Analoguepond

| Comments

Today’s VM should be fun, since it’s from knightmare, so we should expect lots of references! I’m also not sure about the actual name of the box, if it’s Analougepond or Analoguepond. A promising start =D

Remember TCP is not the only protocol on the Internet My challenges are never finished with root. I make you work for the flags. The intended route is NOT to use forensics or 0-days, I will not complain either way.

To consider this VM complete, you need to have obtained:

Troll Flag: where you normally look for them

Flag 1: You have it when you book Jennifer tickets to Paris on Pan Am.

Flag 2: It will include a final challenge to confirm you hit the jackpot.

Have root everywhere (this will make sense once you’re in the VM)

User passwords

2 VNC passwords

Best of luck! If you get stuck, eat some EXTRABACON

NB: Please allow 5-10 minutes or so from powering on the VM for background tasks to run before proceeding to attack.


| Comments

Today’s VM is inspired from the OSCP labs and it has 4 flags to collect.

Mr. Derp and Uncle Stinky are two system administrators who are starting their own company, DerpNStink. Instead of hiring qualified professionals to build up their IT landscape, they decided to hack together their own system which is almost ready to go live…

Donkey Docker

| Comments

Today’s target is called DonkeyDocker, so we should expect a Docker component! The level is intermediate to hard.

Hackfest 2016 Orcus

| Comments

Today’s VM is the third machine in the Hackfest series:

This is a vulnerable machine i created for the Hackfest 2016 CTF

Difficulty : Hard


If youre stuck enumerate more! Seriously take each service running on the system and enumerate them more!

Goals: This machine is intended to take a lot of enumeration and understanding of Linux system.

There are 4 flags on this machine 1. Get a shell 2. Get root access 3. There is a post exploitation flag on the box 4. There is something on this box that is different from the others from this series (Quaoar and Sedna) find why its different

GoldenEye 007

| Comments

Today’s VM is inspired by a James Bond movie:

I recently got done creating an OSCP type vulnerable machine that’s themed after the great James Bond film (and even better n64 game) GoldenEye. The goal is to get root and capture the secret GoldenEye codes – flag.txt.

I’d rate it as Intermediate, it has a good variety of techniques needed to get root – no exploit development/buffer overflows. After completing the OSCP I think this would be a great one to practice on, plus there’s a hint of CTF flavor.