OverTheWire Monxla Part 3

7 minute read Nov 26, 2012 Comments
Continuing from the last post, we are now logged in as a user. The next step on the PDF from the agent, that we can access, is the Notes Service. I started analyzing the source code, and noticed that the text that says “yes” or “no” in the table is actually an image being rendered from the hasnotes.php file. I started tinkering with that file, and found that it was vulnerable to SQL injection.

OverTheWire Monxla Part 2

3 minute read Nov 25, 2012 Comments
In the previous post, I showed how to get the PDF that outlines the services running on the Monxla VM image. This article will continue where that one left off. Firstly, the PDF explains that there are 2 virtual hosts enabled on the machine. To configure my machine for these virtual hosts, I added these lines to my /etc/hosts file: nasenko.otw honeylink.otw There are 2 sites immediately available to you:

OverTheWire Monxla Part 1

2 minute read Nov 24, 2012 Comments
I had a twitter follower recently inform me that OverTheWire had a new wargame up and running. I was immediately excited and downloaded it. Several days later, I actually was able to start tinkering with it. I booted up the image, and proceeded to do some preliminary nmap scans. I found a few services runinng: mandreko$ nmap -sV -p1-65535 -T4 Starting Nmap 6.01 ( http://nmap.org ) at 2012-11-15 10:28 EST Nmap scan report for 192.