gitroot by RECURSIVENULL

The theme of this box is git.

The design of this box is HTB-like.

I will NOT be giving hints. Like a wise man once said, "Try Harder".

Goals:

  • Get a low privilege shell and read /home/pablo/user.txt
  • Get a root shell and read /root/root.txt

Difficulty: Intermediate

This box only works on VirtualBox

DHCP is enabled

All of the users on this box are named after my teachers and mentors, thank you Pablo, Beth, and Jen.

Have Fun!

Pandavas are the warriors of the most epic tale of Mahabharat. And through this CTF we will go on the ordeal of betrayal and honour with them, to claim their rightful throne of Hastinapur. In this CTF there are five flags named after each Pandava:

  • Sehdeva
  • Nakula
  • Arjuna
  • Bheema
  • Yudhishthra

IF SOMETHING LOOKS SIMPLE, IT MIGHT NOT BE THAT SIMPLE!

CengBox: 2

Arslan 26 May 2020

Name : CengBox:2

Goal : Get the user and the root flag

Difficulty : Intermediate

Description : Looks like Ceng Company has site maintenance but there might be something that is still working.

In this vm you may learn a few new things such as enumeration, CVE, privilege escalation and more. You will need everything that you found. Also you will have to check the differences and guess some things.

Tested on Virtualbox. The machine works properly with Virtualbox compared to Vmware.

For any feedback or hint feel free to contact me on Twitter @arslanblcn_

Cyber criminals have taken over the energy grid across Europe. As a member of the security service, you’re tasked with breaking into their server, gaining root access, and preventing them from launching their malware before it’s too late.

We know from previous intelligence that this group sometimes use weak passwords. We recommend you look at this attack vector first – make sure you configure your tools properly. We do not have time to waste.

Unfortunately, the criminals have started a 3 hour clock. Can you get to their server in time before their malware is deployed and they destroy the evidence on their server?

This exercise is designed to be completed in one sitting. Shutting down the virtual machine will not pause the timer. After the timer has finished, the CTF machine will be shut down and you will be unable to boot it. Please keep a local backup of the CTF prior to starting, in case you wish to attempt a second time.

If you are to succeed, I strongly recommend reading these points:

  • Keep a local backup before starting in case you run out of time
  • You will need a basic understanding of the GPG tool and how it works
  • Configure your tools so they work at the maximum/hardest level possible. Make sure you are looping around the correct thing, if you know what I mean
  • Getting the initial shell is possibly the longest part.
  • There are four flags in total. Each flag file will guide you to the next area
  • This virtual machine has been tested in VirtualBox only. I cannot guarantee it will work on VMWare, but it should be okay.

SHA-256: 8bc79937082748c21de14c5da3772f7fc750d52b68cf27816922186f6e68d6b7

This is rated as 'Hard' (as per the matrix here: https://security.caerdydd.wales/ctf-difficulty-levels/)

  • Machine Name: Seppuku_CTF
  • Author: SunCSR Team
  • Difficulty: Intermediate to Hard
  • Tested: VMware Workstation 15.x Pro (This works better with VMware rather than VirtualBox)
  • DHCP: Enabled
  • Goal: Get the root shell i.e.([email protected]:~#) and then obtain flag under /root).
  • Warning: Be careful with "rabbit hole"!
  • Information: Your feedback is appreciated - Email: [email protected]

Tre: 1

SunCSR Team 13 May 2020
  • Machine Name: Tre
  • Author: SunCSR Team
  • Difficulty: Intermediate
  • Tested: VMware Workstation 15.x Pro (This works better with VMware rather than VirtualBox)
  • DHCP: Enabled
  • Goal: Get the root shell i.e.([email protected]:~#) and then obtain flag under /root).
  • Information: Your feedback is appreciated - Email: [email protected]

  • Machine Name: Katana_CTF
  • Author: SunCSR Team
  • Difficulty: Intermediate
  • Tested: VMware Workstation 15.x Pro
  • DHCP: Enabled
  • Goal: Get the root shell i.e.([email protected]:~#) and then obtain flag under /root).
  • Warning: Be careful with "rabbit hole".
  • Information: Your feedback is appreciated - Email: [email protected]

  • Machine Name: Geisha_Sun*
  • Author: SunCSR Team
  • Difficulty: Beginner to Intermediate
  • Tested: VMware Workstation 15.x Pro & VirtualBox 6.x (This works better with VMware rather than VirtualBox)
  • DHCP: Enabled
  • Goal: Get the root shell i.e.([email protected]:~#) and then obtain flag under /root).
  • Warning: Be careful with "rabbit hole".
  • Information: Your feedback is appreciated - Email: [email protected]

  • Machine Name: Sumo_Sun*
  • Author: SunCSR Team
  • Difficulty: Beginner
  • Tested: VMware Workstation 15.x Pro
  • DHCP: Enabled
  • Goal: Get the root shell i.e.([email protected]:~#) and then obtain flag under /root).
  • Information: Your feedback is appreciated - Email: [email protected]

This is my first Capture the Flag exercise and covers a number of different techniques.

The back story: Scammers are taking advantage of people and various fake shopping websites have been set up, but people are finding their orders never arrive. We have identified one scam website which we believe is harvesting credit card details from victims. Your objective is to take down the scam website by gaining root access, and identify the 3 flags on their server. Our intelligence suggests the scammers are actively reviewing all orders to quickly make use of the credit card information.

Difficulty is Medium