Away

I was away again but I’m back; I’ve still been doing stuff so I’ll probably write some of it up. Anyway. New boxes on Vulnhub - I downloaded HACKER KID: 1, which was 4.7Gb(!) It says:

Difficulty: Easy/Medium (Intermediate)

This box is OSCP style and focused on enumeration with easy exploitation.The goal is to get root.No guessing or heavy bruteforce is required and proper hints are given at each step to move ahead.

Sounds interesting, let’s try it out. It comes as a RAR. I tried 7zip, which I usually use for everything - it wouldn’t extract. Then I tried unrar in linux:

david@DESKTOP-JEJDM9M:/mnt/c/Temp$ unrar e Hacker_Kid.rar

UNRAR 5.61 beta 1 freeware      Copyright (c) 1993-2018 Alexander Roshal


Extracting from Hacker_Kid.rar

Extracting  Hacker_Kid.ova                                            81%
Hacker_Kid.ova       - checksum error
Total errors: 1

Yeah, it doesn’t work. Checked the SHA1 hash of the RAR file - it matches and it’s broken. But….! We have an update. The box creator reached out to me and it turns out that yes, the version on Vulnhub is broken somehow but I now have a working version!

I have started the box and made some progress - I’ve got a file read - but I haven’t got a shell yet. One thing though was the hostname wasn’t supplied and I couldn’t coax it out of the box with dig, nslookup, fierce whatever so I had to pull a dirty trick. Anyway hopefully there will be a writeup soon.

Actual success

Yesterday I did the new HTB box BountyHunter. I’ve done Sweettooth Inc, Metamorphosis and Basic Malware RE on THM. I did user on Rocket, which was totally epic. I should write some of it up. Maybe I will; not today though. But I am still here, and I am still plugging away.