Machine Details Name: Symfonos 2 OS: Linux Platform: Vulnhub Download Link: Symfonos 2 Getting started I booted up the machine and got assigned an IP addres of 192.168.50.130. Similar to symfonos1, I added symfonos2.local to my hosts file. 192.168.50.130 symfonos2.local

Machine Details Name: Symfonos: 3 OS: Linux Platform: Vulnhub Download Link: Symfonos 3 Getting started After obtaining an IP address for the machine, 192.168.50.137 in my case. I addeed it to mu hosts file. 192.168.50.137 symfonos3.local

Machine Details Name: Symfonos 1 OS: Linux Platform: Vulnhub Machine Link: Download Symfonos 1 Obtaining the assigned machine IP address After setting up the machine on VMWare, the first step is to find the IP address assigned to the machine. To do this, we can use several methods. The two I use often is shown below: sudo netdiscover -r 192.168.50.0/24

Machine Details Name: Search OS: Windows IP address: 10.10.11.129 Difficulty: Hard Points: 40 Initial Enumeration As always, I started with an nmap scan to find out what services are running on the box.

Machine Details Name: SunsetDecoy IP address: 192.168.66.85 Difficulty: Easy Points: 5 In the beginning As always, I started with an nmap scan and the result is shown below: There seems to be two services running; SSH on port 22 and HTTP on port 80. From the script enumeration, the HTTP service is serving a file save.zip. So I proceeded to visit the IP address in the browser and downloaded the save.zip file.

Machine Details Name: FunBoxRookie IP address: 192.168.66.107 Difficulty: Easy Points: 5 It all began with nmap Once the box has been started, as usual the first step is to run a scan. nmap comes to the rescue and the result is shown below. From the scan results, there are three services running on this box; an FTP service on port 21, an SSH service on port 22 and also an HTTP service on port 80. Interestingly, the FTP service allows anonymous login.

Machine Details Name: BBSCute IP address: 192.168.118.128 Difficulty: Easy Points: 5 Initial Enumeration I started the box and was assigned the IP address 192.168.118.128. My first step was to conduct a scan. For this purpose I used nmap and found the following ports open: 22, 80, 88, 110, 995. Conducting further enumeration, I entered the IP address into the browser and I was presented with the page below:

Machine Details Name: Horizontall IP address: 10.10.11.105 Difficulty: Easy Points: 20

Name: c0ntr0l 0x03 Category: web Points: 150 At the time of this write up, the challenges has ended and the web interfaces closed, so I will explain some processes rather than providing screenshots. Challenge Description We were told to find out was Angela was talking about and find the flag. Solution

Name: c0ntr0l 0x01 Category: Web Points: 100 At the time of this write up, the challenges has ended and the web interfaces closed, so I will explain some processes rather than providing screenshots. Challenge Description We were given an IP address for the challenge at http://104.131.178.50:8888/. Visiting the page returns a login screen. Solution

Name: Can you see through the crowd Challenge Description look precisely :) this challenges flag starts with RAZICTF Solution Starting the challenge, we are provided an IP address to connect using netcat: nc 130.185.122.69 12478

Name: Git The Flag Points: 700 Challenge At the time of this write up, the Arpcon CTF has ended and I no longer have access to the challenge details for screenshot. Solution We were provided with a secret.zip file. Extracting the file with unzip secret.zip and navigating to the extracted folder, looks like we got ourselves a git repo.

Name: Hacker Camp Challenge Solution By following the provided link https://hacker-camp.chals.damctf.xyz/we are presented with a login page So we have a PHP application requesting for a username and password. We did some directory brute forcing with gobuster but didn't get much result, so we proceeded to bypass the login page using SQLi. Providing ' or 1=1# as the username (any SQLi login bypass payload will work, you can find some here) and any password, we are logged in as the user rhonda.daniels Then we have a list of students, looks like rhonda.daniels is a staff