Pen Test Assessment

Penetration Test Assessment A penetration test assessment was a requirement of a short cource on Penetration Testing from the Charles Sturt University. As part of the assessment, students were provided an ova image of a virtual machine. The virtual machine was to be the target of a penetration test, and students were expected to obtain flags for submission. A walkthrough of the assessment is presented here. For the benefit of other students, the names and values of the flags have been redacted, and replaced with the string REDACTED

Read More →

vulnhub.com sickos1.1

host: 192.168.56.1 dhcp-server: 192.168.56.100 kali: 192.168.56.101 * log # 2015/12/26 19:00 -> 19:40 (40min) # 2015/12/26 22:10 -> 23:50 (1hr 40min) # 2015/12/27 18:20 -> 18:40 (20min) # total time = 2hr 40min) * discovery - target * nmap --min-parallelism=100 -sP -T5 192.168.56.0/24 * found: 192.168.56.102 * discovery - services * nmap --min-parallelism=100 -A -T5 -p1-65535 192.168.56.102 * found: port 22/tcp ssh, 3128/tcp squid, 8080/tcp ?? * !!exploit-db did not reveal much * tried: nc -n -v 192.

Read More →

vulnhub.com fristileaks1.3

host: 192.168.56.1 dhcp-server: 192.168.56.100 kali: 192.168.56.101 * log # 2015/12/24 14:45 -> 16:30 (1hr 45min) # 2015/12/25 15:00 -> 17:45 (2hr 45min) # total time = 4hrs 30min * discovery - target * nmap --min-parallelism=100 -sP -T5 192.168.56.0/24 * found target: 192.168.56.102 * discovery - services * nmap --min-parallelism=100 -A -T5 -p1-65535 192.168.56.102 * found ports: 80 * enumerate port 80 * wget http://192.168.56.102 * cat index.html * wget http://192.168.56.102/images/keep-calm.png * wget http://192.

Read More →

Metasploitable2 Walk-through

*(This is an interim post and will be updated progressively. This note will be removed once done.)* This post extends the walk-though on the initial version of Metasploitable at http://nkush.blogspot.com.au/2011/09/metasploitable-walkthrough.html. It should be noted that some commands and output may have been truncated for the purposes of brevity. Set-up The set-up included two machines in a virtual test environment using VirtualBox. The first was a Metasploitable virtual machine (VM) and the

Read More →