CTF Writeups | InfoSec Topics

Written by Mike Garrity

  1. January 04, 2025

    Administrator is currently an active machine on Hack The Box. This writeup will be published once the machine has been retired.

  2. December 16, 2024

    Axlle is a Windows machine running Active Directory. A hosted website displays a maintenance notice, but also mentions that outstanding…

  3. December 07, 2024

    Object is a Windows machine running Active Directory. Access to a Jenkins instance allows for triggering builds that execute batch commands…

  4. November 01, 2024

    Monitored is a Linux machine running an instance of Nagios XI. A username and password for Nagios can be discovered from SNMP data, which…

  5. October 21, 2024

    Blurry is a Linux machine running an application with a vulnerable version of ClearML, which contains a deserialization flaw (CVE-2024-2459…

  6. October 15, 2024

    EvilCUPS is a Linux machine affected by several vulnerabilities discovered in CUPS (Common Unix Printing System) in September 2024. These…

  7. August 29, 2024

    Builder is a Linux machine running a version of Jenkins with an arbitrary file read vulnerability via the CLI (CVE-2024-23897). This…

  8. August 15, 2024

    Aero is a Windows machine hosting a website that allows users to upload custom Windows 11 themes. Due to a known RCE vulnerability in…

  9. August 03, 2024

    Visual is a Windows machine hosting a website that compiles Visual Studio projects from a remote Git repository. Command execution on the…

  10. July 27, 2024

    Jab is a Windows machine running Active Directory with an XMPP server that allows open registration. Once an account has been created, a…

  11. July 14, 2024

    Manager is a Windows machine running Active Directory. After gathering a list of domain users by brute-forcing SIDs, one of the users is…

  12. July 01, 2024

    Blackfield is a Windows machine running Active Directory. A list of potential usernames can be created based on user directories found in an…

  13. February 09, 2024

    Reel is a Windows machine running Active Directory with an open FTP server that contains a few documents, one of which reveals an email…

  14. January 30, 2024

    Escape is a Windows machine running Active Directory with an open SMB share containing credentials for an MSSQL instance. After connecting…

  15. January 24, 2024

    Scrambled is a Windows machine running Active Directory. A username can be found on a hosted webpage as well as a message indicating that…

  16. December 29, 2023

    Cascade is a Windows machine running Active Directory. An anonymous LDAP bind allows for enumeration of the environment, leading to the…

  17. December 20, 2023

    Monteverde is a Windows machine with an Active Directory environment featuring Azure AD. After enumerating domain users, it can be…

  18. December 09, 2023

    Resolute is a Windows machine running Active Directory. A few different methods can be used to enumerate users on the system and reveal an…

  19. December 03, 2023

    VulnNet: Active is a Windows machine running Active Directory with an instance of Redis that doesn't require authentication. This can be…

  20. November 24, 2023

    Timelapse is a Windows machine running Active Directory with an open SMB share that contains a password-protected ZIP archive. The password…

  21. November 16, 2023

    Blue is a Windows machine running SMB. A scan with Nmap can reveal that the box is vulnerable to EternalBlue, an exploit that targets a flaw…

  22. November 12, 2023

    Return is a Windows machine running Active Directory. A webpage featuring a printer admin panel can be leveraged to reveal LDAP credentials…

  23. November 02, 2023

    Sauna is a Windows machine featuring an Active Directory environment. A list of potential usernames can be generated based on a webpage that…

  24. October 31, 2023

    Active is a Windows machine running Active Directory with an open SMB share that contains an encrypted GPP (Group Policy Preferences…

  25. October 08, 2023

    Forest is a Windows machine running Active Directory. An anonymous LDAP bind allows for enumeration of the system which can be leveraged to…

  26. August 25, 2023

    Cronos is a Linux machine hosting a website with an admin subdomain that contains a login form with a SQL injection vulnerability. After…

  27. July 20, 2023

    Authority is a Windows machine running Active Directory that has an open SMB share containing Ansible Vault-encrypted credentials. Once…

  28. July 13, 2023

    Topology is a Linux machine hosting a website with a PNG image generator based on LaTeX inline math mode commands. This feature can be…

  29. July 07, 2023

    Inject is a Linux machine hosting a cloud storage and collaboration app built with Java and the Spring framework. A route on the app has a…

  30. July 04, 2023

    MonitorsTwo is a Linux machine with a web application that uses Cacti, a web-based monitoring and fault management framework. The version of…

  31. June 29, 2023

    Busqueda is a Linux machine featuring a web application that provides users with a URL for a variety of search engines across the web with…

  32. June 20, 2023

    PC is a Linux machine with an open port running gRPC (Google Remote Procedure Call). Interaction with the server using allows for the…

  33. June 13, 2023

    TwoMillion is a Linux machine hosting a web application with an API that has a command injection vulnerability. This vulnerability can be…

  34. April 10, 2023

    Mirai features a Raspberry Pi device with default credentials that can be used to log in over SSH. Enumeration of the machine reveals a USB…

  35. March 27, 2023

    Diogenes' Rage is a web challenge featuring a vending machine application that enables users to purchase items using a coupon worth $1.0…