Digital Archive

Search

SearchSearch

CTF Challenge Checklist

Created: Jan 28, 2024 • Modified: Jan 28, 2024
140 words, 1 min read

Information Gathering

  • Discover Target (netdiscover/ arp-scan)
  • Discover running services (rustscan)

Service Enumeration

  1. Web App Enumeration
    • Directory discovery (feroxbuster/ dirbuster)
    • Vulnerability scan (nikto)
    • Web server & technology exploits
    • Checking for existence of /robots.txt, sitemap.xml
    • Comments in HTML code
    • Portal version & available exploits
    • Forms/ Input fields - SQL injection (sqlmap)
    • PHP site with query parameters - LFI/RFI
    • Web server configuration files
    • File upload fields (Reverse shell upload)
    • User-agent spoofing
  2. SMB Enumeration
    • Anonymous access allowed
    • SMB version (msfconsole)
    • Enumeration - share & user names (smbclient/ nmap/ enum4linux)
  3. SSH Enumeration
    • Password directory attack (hydra)

Exploitation

  • Escaping restrictive shell
  • Services running as root: ps aux | grep root
  • sudo configuration issue
  • Misconfigured sticky bit: find / -type f -user root -perm -4000 -exec ls -lah {} + 2> /dev/null
  • Kernel exploits

How to Escape Restricted Shell Environments on Linux « Null Byte :: WonderHowTo

Backlinks

Graph View