TLDR: We set up a small windows lab with Vagrant.
In the last article we spoke about Infrastructure as Code and DevOps practices to simplify the creation of virtual machines and automate the provisioning process. In this article we’ll actually get our hands dirty and create a test environment using Vagrant, Ansible, and VirtualBox.
So the first thing we need to do is download the required software:
Installing Vagrant isn’t too difficult, just follow the wizard and it’ll add it to your path by default. …
TLDR: What is IaC+DevOps and why you should care.
If you’ve spent any time around the InfoSec or IT community you’ve definitely heard about the importance of home labs. Whether it be a single laptop with VirtualBox or a rack full of servers, labs provide hands-on experience from the comfort of your home. It’s relatively low risk since its not a production system, and even just setting up a home lab offers great knowledge on systems, hardware, virtualization, and more.
However, what happens once you’re past that initial phase of PoCs and test runs? What happens when you want to…
Originally completed this box using metasploit, but decided to go at it again without it. Here’s what I did and an explanation of why it works.
TLDR: Target has vulnerable web service, used RCE exploit for inital access, escalated privilege by exploiting service running as system with unquoted path, created backdoor user with rdp access.
So first we run an nmap scan, doesn’t need to be anything crazy for this box just a default scan will do.
We can see this machine is running a few services.
TLDR; I use a chromebook for ctfs and infosec and I love it. Here’s why.
What do you think of when you hear the word “chromebook”? Does a small bland laptop come to mind, akin to those found in public schools? Or maybe something closer to netbooks, lacking functionality and not meant for doing anything resembling real work.
Truth be told, that is what chromebooks were for a while. When they were first introduced in 2011, all a chromebook could do is browse the web and nothing more. …
This is a challenge I found interesting from HackPack CTF (hosted by student club at NCSU). It’s a web challenge so we get a link and a hint:
I wonder if they will sell you a Flask of milk to go with your cookies..
Cool, the challenge is called cookie forge so it probably has to do with web cookies.
If we go to the link we are greeted with a page about cookies. After navigating the website for a bit we can see there’s a few pages of interest. A ‘Flagship loyalty’ page and a login page. If we…