V.9 (Part 14) – Token SSH-Test – Final 14/14

Categories Tutorials

So the Final Chapter arrived… 😀 I’m happy to say that this was an awesome experience, and I hope this was useful for someone else also.
This Lab is coming to an end soon, and the version v10 will start, a new era, new challenges, more to learn, more to share, more difficulty’s to cross.

So, lets get to the business, shall we? Continue reading “ V.9 (Part 14) – Token SSH-Test – Final 14/14” V.9 (Part 13) – Token Terminal

Categories Tutorials

So, here we are again, almost finishing the lab v9.
This TOKEN was really hard, specially because you had to have in mind everything you went ahead till arrive here, and that everything has its own purpose.

Remember the reply email we were getting when going after the Email Token?
That is our way in into Terminal Token, and I have to be honest, I had no idea if I didn’t had a look into the WriteUp 😛

So, let’s go into it: Continue reading “ V.9 (Part 13) – Token Terminal” V.9 (Part 12) – Token Site-Test

Categories Tutorials

It’s been a long time since my last Token tutorial, but today I bring here another Token tutorial, this time to Site-Test Token 😉

So, this one was a nice one, and it makes use of a “recent” vulnerability that i didn’t knew about, so it was a great learning experince as you will find out 🙂
It was kinda hard because I started it and then took a month of break, so when i got back to it I had to rethink it again ( glad I had my notes).
So, enough talk, lets get back into what it really matters. Continue reading “ V.9 (Part 12) – Token Site-Test” V.9 (Part 10) – Token Photo

Categories Tutorials

So, another day, another tutorial. 😀
And this time we are going to focus our efforts in “Photo” machine.
As usual we start the nmap scan from our “ssh server” shell, and we see that we have 2 open ports SSH and HTTP.

$ nmap -sV

Starting Nmap 6.00 ( ) at 2016-08-03 16:17 MSK
Nmap scan report for
Host is up (0.0013s latency).
Not shown: 998 closed ports
22/tcp open  ssh     OpenSSH 6.0p1 Debian 4+deb7u4 (protocol 2.0)
80/tcp open  http    nginx 1.10.0

Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

So we start Continue reading “ V.9 (Part 10) – Token Photo” V.9 (Part 9) – Token DEV

Categories Tutorials

I have to say that until now this one (Token DEV) was the most fun and rewarding one. It made me use some previous knowledge analyze things, and once again think outside the box. It also made me know and learn a tool also known as Intercepter-ng.

So here we are, after get the Terminal2 Token, and have access to the Terminal2 machine we have the DEV machine in the same network, so we want to try to explore it, and get access to it. Continue reading “ V.9 (Part 9) – Token DEV” V.9 (Part 7) – Token MAIL

Categories Tutorials

So far, so long. It has been a long time since I posted the last token, so now we are here again at full power 🙂

This time we are going to explain the process to get the MAIL Token.
So, lets get things started:

For this token it was a hell of a ride, starting by accessing the server via nc, and trying to “VRFY” each user, to try some dir enumeration and downloading files like .htaccess nothing was been helpful, and since there was a lot of services on this machine it was beeing hard to find a way in.

So, I steped outside of this box, and Continue reading “ V.9 (Part 7) – Token MAIL” V.9 (Part 6) – Token NAS

Categories Tutorials

Before the day drops to an end… let’s share another Token Tutorial. 😀
This time will be our NAS server. I must say that this one was really fun, since we learned a lot and had the possibility to learn and explore at least two new tools. So, let’s get things started…
Once again, the first thing we did was to enumerate the target:

$nmap -sV

21/tcp   open  ftp     vsftpd 3.0.2
22/tcp   open  ssh     OpenSSH 6.7p1 Debian 5+deb8u2 (protocol 2.0)
3260/tcp open  iscsi?
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:kernel

Continue reading “ V.9 (Part 6) – Token NAS” V.9 (Part 5) – Token FTP

Categories Tutorials

Another day another tutorial Token 😀
This time our focus will be on the ftp server –
As always we start with a nmap scan from our SSH server to the FTP server:

$nmap -sV

21/tcp open  ftp     ProFTPD 1.3.5
22/tcp open  ssh     OpenSSH 6.7p1 Debian 5+deb8u2 (protocol 2.0)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:kernel

With this information, we checked exploit-db and found a vulnerability that we might be able to use:

We tried to explore it: Continue reading “ V.9 (Part 5) – Token FTP”