Mechanical Keyboards Mechanical Keyboards are one of my hobbies, this sounds strange, even to me but hear me out. When most people think of keyboards they think of that 10 year old keyboard work gave you that you’ve been using for 3 years with built up grime that you use daily where the letters have faded entirely. When you think of mechanical keyboards you’re probably thinking of that Razer green backlit keyboard that you have seen at a computer store that “only gamers” use.

There are so many different OSCP writeups out there, too many even. Why read mine? I failed the exam 3 times so maybe that will provide a slightly different perspective compared to many of the guides which pass on the first go. Prior knowledge Before I go through the course, I’d like to cover where my knowledge level was at. At the start of the year I was studying to do my CCNA so I spent a few hours each working day on it for about 6 months.

The Elastic CTF is a capture the flag competition that I built based on the Elastic Stack (formerly ELK Stack). I created it for the Sectalks Ninja Night as a way to give back something to the community that has given me so much. It was designed to give people a chance to play with a platform that is used quite often in security teams in many companies. This was my first time developing a CTF challenge and I hope I get the chance to do it again another time.

This is a walkthrough for the Elastic Stack CTF scenario that was run for the Sectalks Ninja Night 0x08 (9th). The CTF is available to be spun up from my repository, for more information visit HERE. Feel free to spin it up and give it a go. Scenario: Overnight we’ve had an attack on our network, we have two devices in the cloud and it appears both have been compromised.

Enumeration Full nmap scan nmap -A -p- -o nmap.all.tcp 10.10.10.169 A - enable OS, version and script detection (-sV, -sC, -O) p- - test all ports … PORT STATE SERVICE VERSION 53/tcp open tcpwrapped 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2020-05-18 12:10:06Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: megabank.local, Site: Default-First-Site-Name) 445/tcp open microsoft-ds Windows Server 2016 Standard 14393 microsoft-ds (workgroup: MEGABANK) 464/tcp open kpasswd5?