PWK Labs: the first host falls

2017-01-29 20:41:00

Hotline Miami 2 logo

I thought I'd get a quick start on doing recon on the PWK labs. Using various enumeration and scanning techniques I've so far found 46 of the 50 hosts I expect to be in the public network. Beyond that, we'll see. For now, I wanted to get started on at least one box. One stood out: 10.11.1.217, which was found to have no less than ten open services. That looks promising!

It was a lot of fun, exploring that box! What started with a simple credentials issue, led me down the rabbit hole of multi-application LFI. Where I got within inches of the goal using my own approach I did not manage to leap that final hurdle. Some more research led me to an alternative approach of the same category, which flawlessly led to a shell. After that, the host was rife with configuration issues that led to privesc. 

Onwards! I need to dig deeper into this box, to see what more I can find :)


kilala.nl tags: , , , ,

View or add comments (curr. 1)