HackTheBox
En este CTF que es para beginners de dificultad facil para a estar explotanto una vulnerabilidad de un servicio que corre la maquina que es vulnerable a SQLI ademas tendremos que aprovecharnos de que podemos correr un comando como root y asi poder convertirnos en ese usuario
Tenemos que explotar 5 binarios que son todos los que te ofrece la maquina van por niveles en total son 5 los binarios que se tienen que explotar para esto vamos a utilizar gdb con peda instalado y ghidra para decompilar el codigo vamos a estar usando algunas tecnicas conocidas este es reto para las personas interesadas en aprender sobre BufferOverflow es por eso que se llama for Begginers
Mr Robot is a quick and fun Medium CTF for beginners where we have to use a dictionary to find the password and log in to the service with a character of Mr Robot after that we have to modify the 404 template to win access to the machine for root we will abuse SUID privileges
RootMe is a quick and fun easy CTF for beginners where we have to upload a php file to receive a reverse shell and use python to be root
Active is a quick and fun medium box where we have to do SMB enumeration to obtain credentials of a valid user in the dc and Kerberoasting to receive a ticket to crack this ticket is for the administrator user
SolidState is a quick and fun medium box where we’re going to exploit a vulnerability of the service Apache James after that we’re goint to change the credentials of many users of the machine to see through an email from a user of the machine we found credentials to be able to connect via ssh and to be root we have to abuse cron jobs.
Chatterbox is a medium and windows machine where’re goint to exploit a buffer overflow to win access to the machine also we’re going to use Icacls to see the root flag, this machine has another way to be solved but I will show the quickest way to solve it
October is a fun medium linux box where’re going to upload a php5 reverse shell to win access and to be root we have to exploit a Buffer Overflow.
Grandpa is a quick and fun easy box where’re goint to exploit Microsoft IIS 6.0 with a Remote buffer overflow script and also we’re use the churrasco script to be nt authority system.
Tabby is fun and easy box where have to abuse of a LFI after that of Tomcat Host manager and create a malicious war also for root abuse of the LXC