CTF Writeups | InfoSec Topics

Written by Mike Garrity

  1. December 07, 2024

    Object is a Windows machine running Active Directory. Access to a Jenkins instance allows for triggering builds that execute batch commands…

  2. November 01, 2024

    Monitored is a Linux machine running an instance of Nagios XI. A username and password for Nagios can be discovered from SNMP data, which…

  3. October 21, 2024

    Blurry is a Linux machine running an application with a vulnerable version of ClearML, which contains a deserialization flaw (CVE-2024-2459…

  4. October 15, 2024

    EvilCUPS is a Linux machine affected by several vulnerabilities discovered in CUPS (Common Unix Printing System) in September 2024. These…

  5. August 29, 2024

    Builder is a Linux machine running a version of Jenkins with an arbitrary file read vulnerability via the CLI (CVE-2024-23897). This…

  6. August 15, 2024

    Aero is a Windows machine hosting a website that allows users to upload custom Windows 11 themes. Due to a known RCE vulnerability in…

  7. August 03, 2024

    Visual is a Windows machine hosting a website that compiles Visual Studio projects from a remote Git repository. Command execution on the…

  8. July 27, 2024

    Jab is a Windows machine running Active Directory with an XMPP server that allows open registration. Once an account has been created, a…

  9. July 14, 2024

    Manager is a Windows machine running Active Directory. After gathering a list of domain users by brute-forcing SIDs, one of the users is…

  10. July 01, 2024

    Blackfield is a Windows machine running Active Directory. A list of potential usernames can be created based on user directories found in an…

  11. February 09, 2024

    Reel is a Windows machine running Active Directory with an open FTP server that contains a few documents, one of which reveals an email…

  12. January 30, 2024

    Escape is a Windows machine running Active Directory with an open SMB share containing credentials for an MSSQL instance. After connecting…

  13. January 24, 2024

    Scrambled is a Windows machine running Active Directory. A username can be found on a hosted webpage as well as a message indicating that…

  14. December 29, 2023

    Cascade is a Windows machine running Active Directory. An anonymous LDAP bind allows for enumeration of the environment, leading to the…

  15. December 20, 2023

    Monteverde is a Windows machine with an Active Directory environment featuring Azure AD. After enumerating domain users, it can be…

  16. December 09, 2023

    Resolute is a Windows machine running Active Directory. A few different methods can be used to enumerate users on the system and reveal an…

  17. December 03, 2023

    VulnNet: Active is a Windows machine running Active Directory with an instance of Redis that doesn't require authentication. This can be…

  18. November 24, 2023

    Timelapse is a Windows machine running Active Directory with an open SMB share that contains a password-protected ZIP archive. The password…

  19. November 16, 2023

    Blue is a Windows machine running SMB. A scan with Nmap can reveal that the box is vulnerable to EternalBlue, an exploit that targets a flaw…

  20. November 12, 2023

    Return is a Windows machine running Active Directory. A webpage featuring a printer admin panel can be leveraged to reveal LDAP credentials…

  21. November 02, 2023

    Sauna is a Windows machine featuring an Active Directory environment. A list of potential usernames can be generated based on a webpage that…

  22. October 31, 2023

    Active is a Windows machine running Active Directory with an open SMB share that contains an encrypted GPP (Group Policy Preferences…

  23. October 08, 2023

    Forest is a Windows machine running Active Directory. An anonymous LDAP bind allows for enumeration of the system which can be leveraged to…

  24. August 25, 2023

    Cronos is a Linux machine hosting a website with an admin subdomain that contains a login form with a SQL injection vulnerability. After…

  25. July 20, 2023

    Authority is a Windows machine running Active Directory that has an open SMB share containing Ansible Vault-encrypted credentials. Once…

  26. July 13, 2023

    Topology is a Linux machine hosting a website with a PNG image generator based on LaTeX inline math mode commands. This feature can be…

  27. July 07, 2023

    Inject is a Linux machine hosting a cloud storage and collaboration app built with Java and the Spring framework. A route on the app has a…

  28. July 04, 2023

    MonitorsTwo is a Linux machine with a web application that uses Cacti, a web-based monitoring and fault management framework. The version of…

  29. June 29, 2023

    Busqueda is a Linux machine featuring a web application that provides users with a URL for a variety of search engines across the web with…

  30. June 20, 2023

    PC is a Linux machine with an open port running gRPC (Google Remote Procedure Call). Interaction with the server using allows for the…

  31. June 13, 2023

    TwoMillion is a Linux machine hosting a web application with an API that has a command injection vulnerability. This vulnerability can be…

  32. April 10, 2023

    Mirai features a Raspberry Pi device with default credentials that can be used to log in over SSH. Enumeration of the machine reveals a USB…

  33. March 27, 2023

    Diogenes' Rage is a web challenge featuring a vending machine application that enables users to purchase items using a coupon worth $1.0…