UQ Cyber Squad 0x03 Shells

Introduction

0x03 Shells session presented by the UQ Cyber Squad. Access via OpenVPN connection. OpenVPN configuration bundle provided during the workshop.

Challenge 1 - Family Binding Time - 10pts

Let’s bind together at 192.168.57.11:8297

nc 192.168.57.11 8297
id
uid=1002(user) gid=1002(user) groups=1002(user)
pwd
/home/user
ls -las
total 60
 4 drwxr-xr-x 3 user    user  4096 Mar 27 06:02 .
 4 drwxr-xr-x 4 root    root  4096 Mar 24 02:13 ..
 4 -rw------- 1 user    user  1584 Mar 26 01:26 .bash_history
 4 -rw------- 1 user    user   105 Mar 26 00:50 .lesshst
 4 -rw------- 1 user    user     5 Mar 24 03:38 .python_history
 4 drwxr-xr-x 2 user    user  4096 Mar 26 00:59 .ssh
 8 -rw------- 1 user    user  5066 Mar 27 06:01 .viminfo
 4 -r-xr-xr-x 1 root    user   892 Mar 27 06:02 init_shell.py
20 -rwsr-xr-x 1 richard root 16728 Mar 26 00:54 read_secret_message
 4 -rw-r--r-- 1 user    user    24 Mar 24 02:14 user.txt
cat user.txt	
flag{n1c3_b0nd1ng_t1m3}

Challenge 2 - shhhhhhhh - 20pts

How do I ssshhhhh? How do I know how to?

[Read More]
ctf  uq  less  ssh  nc  netcat  suid  shell  bash 

Metasploitable2 Walk-through

(This is an interim post and will be updated progressively. This note will be removed once done.)

This post extends the walk-though on the initial version of Metasploitable at http://nkush.blogspot.com.au/2011/09/metasploitable-walkthrough.html. It should be noted that some commands and output may have been truncated for the purposes of brevity.

Set-up The set-up included two machines in a virtual test environment using VirtualBox. The first was a Metasploitable virtual machine (VM) and the second a Kali 1.0 VM. The two hosts were configured to have a host-only network connection. The test environment was isolated to the 192.168.32.0/24 network. All commands were execute on the Kali VM.

[Read More]