Buff is an easy Windows machine. You gain foothold on the machine through a CVE with a public exploit for the CMS. The PrivEsc is slightly harder as it requires you to perform port forwarding in order to be able to leverage an buffer overflow vulnerability. Who would have…

We scan the IP with nmap to see what we have. sudo nmap -sC -sV -sS -p- -oA granny 10.10.10.15

Another machine from the Mayor’s and TJnull’s OSCP list. This is an easy one which can be done in two different ways and we will take a look at both. Let’s scan the IP we have with nmap to enumerate the ports and services. sudo nmap -sS -sC -sV -oA…

This is an easy Windows machine. We begin enumeration with nmap for the ports and services. sudo nmap -sS -sC -sV -O -oA legacy_nmap_initial_scan 10.10.10.4 The results show Windows Server 2003 SP 2.

This is probably the easiest box on HTB. We start with an nmap scan to see what the open ports and services running. Since this is “Blue” and the name suggests it we would be exploiting EternalBlue. I run the scan with vuln script. sudo nmap -sC -sV -O —…

I will be doing some CTF writeups starting from easier to harder ones in preparation for the OSCP. I will try and go over some vulnerable machines from the following lists: Let’s begin with an easy Linux machine called “Lame”.