Because she was a princess she had a Pegasus.

Knapsy (blog) released Pegasus – to be honest I was supposed to beta test it, but I kinda didn’t get a chance to. However, it allowed me to experience the VM at the same time as everyone else.

People generally work alone on VM’s, so to mix it up a bit, I decided to team up with barrebas (blog) and own the VM as a collaboration :)

So, here’s a quick walkthrough on how to root Pegasus, written by both barrebas and myself.
Continue reading…

Please do not feed the trolls.

Maleus released Tr0ll a while ago, and while I didn’t attempt it, I figured I’d do the follow up – Tr0ll2. So, here is a quick runthrough of how to pwn it.

I would put this VM at beginner level – it’s not particularly complicated. It’s more a case of finding hidden data than actually doing any vulnerability exploitation. Lets get started.
Continue reading…

How Many Hackers Does It Take To Change A Lightbulb ?

Whilst in the middle of cracking Xerxes2, leonjza decided to release Flick – a CTF that is sure to tax minds.  Naturally I decided to make myself feel like an unskilled loser, and downloaded it. Here’s the story of how I rooted Flick first.

Continue reading…

The Glory of The Many Demands your Capture or Destruction.

It’s been a long wait, but barrebas released Xerxes2 on Vulnhub. I’ve not broken into Xerxes1, so I figured what the hell, lets give this a go. It might take me ages, but it’s all a learning curve, right ? Here’s how I became the first person to get root

Continue reading…

Hell Walkthrough – Part 5

Part 1 | Part 2 | Part 3 | Part 4 | Part 5

This is the last step. The last hoop that needs to be jumped through. The last wall of hurdles between me and root. LET’S DO THIS !

Orange Juice Doesn’t Echo

The OJ user has 1 file, a binary called echo which does exactly that, it repeats what you send it. This guy is the height of programming ability. There’s got to be something wrong with it.
Continue reading…

Hell Walkthrough – Part 4

Part 1 | Part 2 | Part 3 | Part 4 | Part 5

Yup, we’re still going.  Told you it’d be a long journey didn’t I ?

Tales from the Crypt, But First I’ll Rock You

George has one file in his home folder – a Truecrypt container. I guess no one has told George that TrueCrypt isn’t recommended any more – he should be using something else. *shakes fist at the NSA*
Continue reading…

Hell Walkthrough – Part 3

Part 1 | Part 2 | Part 3 | Part 4 | Part 5

I Want to Play a Game, But No Jigsaws, OK ?!

The home folder for milk_4_life is pretty sparse, just a binary called “game”. However, it’s owned by the george user, and has the suid attribute set.

$ ls -l
total 20
---s--x--x 1 george      george      5743 Jun 19 18:24 game

Running the binary produces the following output, which doesn’t tell us much other than it’s “listening”. Like a overly intrusive neighbour.
Continue reading…