I thought I'd get a quick start on doing recon on the PWK labs. Using various enumeration and scanning techniques I've so far found 46 of the 50 hosts I expect to be in the public network. Beyond that, we'll see. For now, I wanted to get started on at least one box. One stood out: 10.11.1.217, which was found to have no less than ten open services. That looks promising!
It was a lot of fun, exploring that box! What started with a simple credentials issue, led me down the rabbit hole of multi-application LFI. Where I got within inches of the goal using my own approach I did not manage to leap that final hurdle. Some more research led me to an alternative approach of the same category, which flawlessly led to a shell. After that, the host was rife with configuration issues that led to privesc.
Onwards! I need to dig deeper into this box, to see what more I can find :)
View or add comments (curr. 1)
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Thomas Sluyter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.