https://cameroncandau.com/ctf Last 10 notes on /CTF Quartz -- quartz.jzhao.xyz https://cameroncandau.com/ctf/ https://cameroncandau.com/ctf/ This is where I publish write-ups for Capture the Flag challenges, including OSCP preparation. Tue, 23 Jun 2026 07:15:27 GMT https://cameroncandau.com/ctf/OSCP/ https://cameroncandau.com/ctf/OSCP/ Timeline 2025-08-06: Bought exam + lab access 2025-08-29: Completed at least 30 boxes from the TJnull/Lain lists 2025-08-30: Started PWK course and lab access 2025-10-17 to 2025-11-11: Completed PWK Challenge Labs Additional Proving Grounds boxes DVR4 Image Lavita Shenzi PC Fired Press Scrutiny Ruby... Tue, 23 Jun 2026 07:15:27 GMT https://cameroncandau.com/ctf/OSCP/OffSec-Proving-Grounds-Tracking-for-OSCP https://cameroncandau.com/ctf/OSCP/OffSec-Proving-Grounds-Tracking-for-OSCP Copied from NetSecFocus / TJNull List: docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview Linux Boxes:Windows Boxes:Windows Active Directory Boxes:Post OSCP Section. Tue, 23 Jun 2026 07:15:27 GMT https://cameroncandau.com/ctf/OSCP/OFFSEC---Proving-Grounds-Writeups/Heist https://cameroncandau.com/ctf/OSCP/OFFSEC---Proving-Grounds-Writeups/Heist System Information OS: Windows Service Discovery Helper scripts source: github.com/CameronCandau/Pentest-Automation scan --autorecon 8080/tcp HTTP Summary : Bootstrap[3.3.6], HTML5, HTTPServer[Werkzeug/2.0.1 Python/3.9.0], JQuery[2.2.2], Python[3.9.0], Script, Werkzeug[2.0.1] “Super Secure Web Brows... Tue, 23 Jun 2026 07:15:27 GMT https://cameroncandau.com/ctf/OSCP/OFFSEC---Proving-Grounds-Writeups/Access https://cameroncandau.com/ctf/OSCP/OFFSEC---Proving-Grounds-Writeups/Access System Information OS: Windows Architecture: x86 Service Discovery Helper scripts source: github.com/CameronCandau/Pentest-Automation new-target access 192.168.228.187 cd ~/oscp/access scan.sh --autorecon 80/tcp HTTP feroxbuster points out /Ticket.php: We see that the “Buy Tickets” form submits to /... Tue, 23 Jun 2026 07:15:27 GMT https://cameroncandau.com/ctf/Archive/OFFSEC---Proving-Grounds-Writeups/Windows/Vault https://cameroncandau.com/ctf/Archive/OFFSEC---Proving-Grounds-Writeups/Windows/Vault Difficulty: Hard Credentials Guest: vault.offsec\anirudh:SecureHM Service Discovery Open Ports & Priority TCP Ports: 53 139 445 389 88 135 464 593 636 3268 3269 3389 5985 9389 49666 49667 49673 49674 49679 49703 Service Enumeration 3389 FQDN: DC.vault.offsec 53 AXFR failed, no useful info withou... Tue, 23 Jun 2026 07:15:27 GMT https://cameroncandau.com/ctf/Archive/OFFSEC---Proving-Grounds-Writeups/Windows/Squid/ https://cameroncandau.com/ctf/Archive/OFFSEC---Proving-Grounds-Writeups/Windows/Squid/ Difficulty: Easy Squid Notes & Methodology Start Here: Service Discovery This includes my mistakes, reasoning, and rabbit holes — it’s not the most direct way to solve the box! Findings Vulnerabilities and Suggested Remediation The open Squid http proxy allows anyone to enumerate the internal WA... Tue, 23 Jun 2026 07:15:27 GMT https://cameroncandau.com/ctf/Archive/OFFSEC---Proving-Grounds-Writeups/Windows/Squid/Service-Enumeration/3128-HTTP https://cameroncandau.com/ctf/Archive/OFFSEC---Proving-Grounds-Writeups/Windows/Squid/Service-Enumeration/3128-HTTP HyperText Transport Protocol Environment Variables / Setup export IP=192.168.159.189 export PORT=3128 export URL=http://$IP:$PORT Phase 1: Initial Reconnaissance Technology Stack Identification whatweb whatweb $URL p://192.168.159.189:3128 [400 Bad Request] Content-Language[en], Country[RESERVED][ZZ... Tue, 23 Jun 2026 07:15:27 GMT https://cameroncandau.com/ctf/Archive/OFFSEC---Proving-Grounds-Writeups/Windows/Squid/Service-Discovery https://cameroncandau.com/ctf/Archive/OFFSEC---Proving-Grounds-Writeups/Windows/Squid/Service-Discovery Initial Setup & Information Gathering Host Information Target IP:192.168.159.189 Operating System:Windows 2016 x64 Domain/Hostname:Squid Difficulty: Easy Environment Variables / Setup export IP=192.168.159.189 mkdir $IP && cd $IP mkdir {nmap,web,smb,ftp,exploit,loot} Phase 1: Port Discov... Tue, 23 Jun 2026 07:15:27 GMT https://cameroncandau.com/ctf/Archive/OFFSEC---Proving-Grounds-Writeups/Windows/Slort https://cameroncandau.com/ctf/Archive/OFFSEC---Proving-Grounds-Writeups/Windows/Slort Difficulty: Intermediate Service Enumeration For a more detailed scan of default ports: nmap $ip -oN default_ver_script.nmap -sV -sC PORT STATE SERVICE VERSION 21/tcp open ftp FileZilla ftpd 0.9.41 beta | ftp-syst: |_ SYST: UNIX emulated by FileZilla 135/tcp open msrpc Microsoft Windows RPC 139/tcp ... Tue, 23 Jun 2026 07:15:27 GMT