Ah, good old laziness comes in various forms and flavors. Hey, they even included sloth in the deadly sins list. For a reason, I might say. Today we’ll look at our typical IT sinner – the lazy sysadmin.
The TV show is finally over.
It’s hard to imagine now that the series premiered back in 2011 and lasted over 8 seasons. The show was praised by critics and fans alike and generated tons of memes and fan theories. It doesn’t matter that the last episode is the lowest-ranked episode ever on IMDB. Ever! I can’t agree with this, but it doesn’t matter now. I’m thankful for these 8 years anyway.
I found this CTF machine made by OscarAkaElvis on vulnhub. It’s clearly inspired by Game of Thrones, but goes way beyond it. So, valar morghulis!
This Friday lab is dedicated to one of my favorite writers. But it’s just a coincidence =) #cissp #security #pentest
Raven 2 is another vulnerable intermediate level machine by William McCann. The only difference here is that it has four flags to capture. Let’s dive right in!
The Matrix has you! Another quite easy machine to take down this Monday. It’s more suitable as a CTF than as a real-life example, but it’s really entertaining.
We did everything we could with the machine last time, why go back there? The thing is that sometimes there’s more than one solution for a single task.
This time we’ll try a different approach and see how it goes.
Let’s move on with these labs. This time it’s Stapler by g0tmi1k. Yeah, “You see Bob, it’s not that I’m lazy, it’s that I just don’t care”
Stapler is an intermediate machine with a couple of interesting twists. Here we go.
My pick for the first blog post is Toppo by Hadi Mene. Yes, I know there are many write-ups, but there’s no reason not to make my own!
Toppo is an entry level machine, but we have to start somewhere, right?
Well, not him. In fact it was me, alone in my boredom. (But check the game about Thomas, it’s a life changing experience).
Then I realized that it had been more than a year since I had studied anything new or even remotely exciting. How come? Good old routine. And a lack of practice doesn’t make anyone better. Plus I have a lot of CPE to grab and blogging is an easy way.
In the following articles I’ll get a random machine from vulnhub.com and describe the process of hacking it. I’ll start with easy ones to see how things go and then move on to more advanced boxes.
One of my favorite game trailers starts with something like this: “Once upon a time Aztecs believed that the gods did not just give life to the people, but it had to be stolen. Prometheus stole the eternal flame, and Alberich stole the ring”.
I’m not implying anything, but the story is as old as the world itself and we’ll talk about stealing today. We’re going to steal some network traffic. And, of course, it’s not stealing, it’s intercepting =)
This post is also available in Russian
My dad always says that there are two types of malfunction in any electronic device – presence of contact where it should not be and absence where it must be. I think it summarizes pretty much all the cybersec in the first place because it also applies to privileges. Our goal in general is to make sure that people with the right privileges are able to access data and others are not.
Privilege management is not an easy task, although it may look straightforward at first. You start with a list of resources and a list of accounts, you match them and get some sort of access matrix. Then it grows, and grows, and changes, and in a couple of years no one remembers what privileges were given and why. Sad but true, no one documents anything. And it’s no surprise that a fired employee still has access to some resource, and the group for remote access is filled with accounts whose origin no one knows.