July 3, 2025 at 9:09 PM
I recently documented my journey so if I had to do it again, I could. Feel free to check out this link to see how I did it.
Either way, it was a fun challenge and learned a few things. I now I have a lab system with Metasploitable 3, vulnerable MS SQL Server, and the makings of GOAD.
Either way, it was a fun challenge and learned a few things. I now I have a lab system with Metasploitable 3, vulnerable MS SQL Server, and the makings of GOAD.
July 3, 2025 at 9:08 PM
I recently documented my journey so if I had to do it again, I could. Feel free to check out this link to see how I did it.
Either way, it was a fun challenge and learned a few things. I now I have a lab system with Metasploitable 3, vulnerable MS SQL Server, and the makings of GOAD.
Either way, it was a fun challenge and learned a few things. I now I have a lab system with Metasploitable 3, vulnerable MS SQL Server, and the makings of GOAD.
Got the User Flag right away.
Ran sudo -l and found php could be ran with no password
Used GTFOBins and found a way to escalate to a root shell.
Simple.
Ran sudo -l and found php could be ran with no password
Used GTFOBins and found a way to escalate to a root shell.
Simple.
February 15, 2025 at 12:25 PM
Got the User Flag right away.
Ran sudo -l and found php could be ran with no password
Used GTFOBins and found a way to escalate to a root shell.
Simple.
Ran sudo -l and found php could be ran with no password
Used GTFOBins and found a way to escalate to a root shell.
Simple.
My Process:
Nmap the box `nmap -sC -SV <ip address>`, found the openssh and open Apache Server
Ran Gobuster just for enumeration.
Used Firefox, figured out it was running GetSimpleCMS, Checked Searchsploit and Metasploit. Also found weak password on Admin Page,
Used Metasploit to get a shell
Nmap the box `nmap -sC -SV <ip address>`, found the openssh and open Apache Server
Ran Gobuster just for enumeration.
Used Firefox, figured out it was running GetSimpleCMS, Checked Searchsploit and Metasploit. Also found weak password on Admin Page,
Used Metasploit to get a shell
February 15, 2025 at 12:23 PM
My Process:
Nmap the box `nmap -sC -SV <ip address>`, found the openssh and open Apache Server
Ran Gobuster just for enumeration.
Used Firefox, figured out it was running GetSimpleCMS, Checked Searchsploit and Metasploit. Also found weak password on Admin Page,
Used Metasploit to get a shell
Nmap the box `nmap -sC -SV <ip address>`, found the openssh and open Apache Server
Ran Gobuster just for enumeration.
Used Firefox, figured out it was running GetSimpleCMS, Checked Searchsploit and Metasploit. Also found weak password on Admin Page,
Used Metasploit to get a shell
Reposted
Regardless of what we pour into defensive tech, the weak spot will always be the people using technology. Social engineering is too easy, whether it’s a cyber criminal posing as IT support, a scammer romantic interest or a foreign government or domestic organization manipulating public opinion. /3
January 26, 2025 at 2:43 PM
Regardless of what we pour into defensive tech, the weak spot will always be the people using technology. Social engineering is too easy, whether it’s a cyber criminal posing as IT support, a scammer romantic interest or a foreign government or domestic organization manipulating public opinion. /3
Making the switch to Linux as my daily driver at the start of 2021 has been invaluable. So that is a takeaway, have a solid Linux background before trying out these types of labs.
My other takeaway is Parrot OS is a lean alternative to Kali. Runs great in a virtual machine and has similar tools.
My other takeaway is Parrot OS is a lean alternative to Kali. Runs great in a virtual machine and has similar tools.
January 13, 2025 at 12:08 PM
Making the switch to Linux as my daily driver at the start of 2021 has been invaluable. So that is a takeaway, have a solid Linux background before trying out these types of labs.
My other takeaway is Parrot OS is a lean alternative to Kali. Runs great in a virtual machine and has similar tools.
My other takeaway is Parrot OS is a lean alternative to Kali. Runs great in a virtual machine and has similar tools.