Skip to main content

Posts

Showing posts with the label Sick OS 1.2 pen test challenges
SickOS 1.2 is the second Boot2Root Challenge in SickOS Series and is available at  Vulnhub . This is an interesting CTF and requires think-out-of-the-box mentality. This VM is intended for “Intermediates” and should take a couple of hours to get root. In this walkthrough, I’ll be using  Parrot Security OS  but you can use Kali or any other distro. Turn on the  Virtual Machine  and use Netdiscover to determine the IP. Then register this IP to your local DNS file “/etc/hosts”. sudo netdiscover -r [IP/subnet] sudo nano /etc/hosts Run a full port Nmap scan. There is an HTTP Server running. There’s no “robots.txt” file so we need to run a dirb scan. dirb http://sick.local/ There’s an empty directory called “/test/”. When we test the Server, we see that PUT and DELETE commands are enabled. Now, try to put something to the Server. Fire up Burp Suite and in Repeater, set up the host as “sick.local” and port 80 and write PUT /test/hello HTTP/1.1 Host: