https://3mrgnc3.ninja/2017/09/c0m80/
This is my third public Boot2Root, This one is intended to be quite difficult compared to the last two.
But again, that being said, it will depend on you how hard it is :D
The theme with this one is all about 'enumeration, enumeration, enumeration', lateral thinking, and how to "combine" vulnerabilities in order to exploit a system.
Once you have an IP insert it into your attack system /etc/hosts like this:
[dhcp-ip-address] C0m80.ctf
This VM will probably be different to other challenges you may have come across. With C0m80 You will be required to log in locally in the VirtualBox console window at some point. This, I know, may 'rile' some of the purists out there that say you should be able to compromise a boot2root fully remotely over a network. I agree to that in principle, and in this case I had intended to allow vnc or xrdp access. Alas, due to compatibility problems I had to make a compromise in this area in order to get the challenge published sooner rather than later.
It should be obvious at what point you need to log in. So when that time comes just pretend you are using remote desktop. ;D
Sorry, I hope you can forgive me.
[Difficult] but depends on you really
There is only one goal here. Become God on the system and read the root flag.
I Hope You Enjoy It.
https://3mrgnc3.ninja/files/C0m80_3mrgnc3_v1.0.ova
Please leave feedback and comments below. Including any info on walkthroughs anyone wishes to publish, or bugs people find in the VM Image.
Alternatively email me at 3mrgnc3 at techie dot com
