Advent of Cyber 2 — Days 1 & 2

Day 1 — A Christmas Crisis

The IP address for your AttackBox should be at the top of the page
Your deployed, vulnerable VM will be displayed in this window
Firefox has a lot of very powerful web tools built in
Our cookie

Day 2 — The Elf Strikes Back!

The goal for this exercise is to initiate a reverse shell by uploading some php script to a server that’s meant to store images. While this may sound more complicated than Day 1, this is actually a pretty straightforward, but fun, exercise that takes advantage of some scripts that have already been written for us.

Changing the reverse shell script to the relevant IP address and Port number
The “dot jpeg” is all it will take to trick this server
Netcat is listening on port 443 for connection request (which you can see happen underneath)
Flag Captured

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store