In conclusion, there's a lot of stuff in this that arn't in most challenges. Loved it
This course also stressed note-taking, and writing a proper pentest report, but left that as homework.
Unlike MOST windows challenges, this one has anti-virus, so you also have a simple example of av evasion.
Finally, you get to pivot off the second box to attack the third and final. For this one, you get the source code and do a (guided) code analysis, and engineer an exploit.
They present you with a small module for each but leave the choice in how to use those tools to pivot to the next box. After you compromise the second box, they introduce C2 (Command & Control) frameworks
Then that difference came in: the Pivot. This room has a lot of tasks around several different pivoting tools- from SSH port redirection, socat, chisel, sshuttle, plink, etc.
At first, I could only see one system (firewall), so target selection wasn't hard, and the hack was a publicly known CVE, which was pretty easy
One of the differences between this and other rooms, or vulnhub images, is this is a whole network, multiple VMs to hack. As it is a walkthrough, the hacks were not too hard.
First, let me say it is a walkthrough, so if you stick with the script, it will hold your hands the whole way. I tried to stay a bit in front of the script, and I did for the first two.
* LACK enclosure with lighting and grommets, need to order the doors.
* feed pulley (2" above the the qr code)
* bearings the spool is on
This is an instance for the Velvet and Lace IRC/Discord community. NO NAZIES