We covered the first part solution walkthrough of Cyberry Vulnhub lab where we demonstrated port knocking.
In the second part, we covered the second solution walkthrough of Cyberry Vulnhub lab where we demonstrated binary exploitation with GDB debugger & Metasploit framework.
Description
Instructions The boot2root is a Debian virtual machine and has been fully tested using VMWare Workstation 12. The network interface of the virtual machine will take it’s IP settings from DHCP. Level Beginner to Intermediate.
Cyberry are eagerly anticipating the release of their new “Berrypedia” website, a life-long project which offers knowledge and insight into all things Berry! Challenge The challenge is to get root. Rooting this box will require a wide variety of skills and techniques, and you may find that there is more than one way to achieve this.
Whilst the boot2root itself can technically be completed offline, you will almost certainly require some form of internet access (Search engine) at your disposal to move forward past some of the challenges.
Port Knocking
Network administrators employ a technique called port knocking for authentication. It comprises of a knock sequence, which is a predetermined series of closed port connection attempts to particular IP addresses. The method makes use of a daemon that scans firewall log files for the proper order of connection requests.
Because the protected ports will appear closed unless the attacker transmits the correct knock sequence, the main goal of port knocking is to prevent an attacker from using a port scan to look for potentially vulnerable services on a system.
Binary Exploitation
Computer executables, often known as binaries, are files containing machine code. The binaries you will encounter in CTFs are primarily Linux ELF files, however occasionally you will come across Windows executables. Within the field of cyber security, binary exploitation is a vast issue that essentially involves identifying a software vulnerability and using it to take control of a shell or change the way the program operates.
Video Walkthrough | Part one
Video Walkthrough | Part Two