BigHead
BigHead
BigHead 164
BigHead
RETIRED MACHINE

BigHead

BigHead - Windows Windows
BigHead - Insane Insane

5

MACHINE RATING

384

USER OWNS

378

SYSTEM OWNS

24/11/2018

RELEASED
Created by 3mrgnc3

Machine Synopsis

Bighead is an "Insane" difficulty windows box which deals with advanced binary exploitation, registry enumeration, code review and NTFS ADS. The source code of the web server is found on github which needs to be analyzed to find an overflow in a HEAD request. It can be exploited using heap spraying and egg hunting which results in a shell. Registry enumeration leads to hex encoded password for nginx which is used to obtain an ssh shell through port forward. On reviewing the PHP code a file vulnerable to LFI is found which is exploited to gain a root shell. The root flag has an ADS which is a keepass database. This is cracked using the key to gain the final flag.

Machine Matrix

Ready to start your
hacking journey?