Monday, 22 June 2015

Darknet 1.0 Write-up

Stage 0

Download and startup of the machine went smooth as expected. The machine is running in a host-only network and got the IP address assigned. The host's virtual network interface is 

General remark: You may experience problems with the VM at times. It may become unresponsive or one of the payloads you used won't work anymore. From my observations this becomes very likely if you are using brute force techniques. These will fill up the logs and exhaust disk space up to the degree where the machine can't even store sessions anymore which will prevent you from logging in. If that happens restart the machine, that did fix the issue for me most of the times. At one point though, only rolling back to a previous snapshot solved my issues.

Sunday, 21 June 2015

Darknet 1.0 - I'm finally root

With the new weekend, I found some more time to play with q3rv0's Darknet 1.0 and finally managed to get root.

I learned a lot on the way and appreciated the time I spent on this VM. Thanks to the author.
The wirte-up will follow today, or sometime during the week.

Wednesday, 10 June 2015

Darknet 1.0 - progress update

It's been a while...

... but I have great news, I passed several steps, not big ones but hey. In order to not spoil the fun for others I will try to hint on what I did, without getting into details and without any true evidence.

I used some of the information provided here to get a web shell up and running, however running is maybe a little much to say. Going into detail would spoil to much so I save that for the write-up.
Using the web shell and my rudimentary PHP skills I pulled some very interesting information out of the machine. Which then lead me to this.

After evaluating the new found portion of the challenge I'm now stuck with another injection problem and also with some directories, which I cannot make much sense of .... yet!

Write to you soon!