Persecure : my learning archive

, ,

Infosec Prep: OSCP

https://www.vulnhub.com/entry/infosec-prep-oscp,508/

Review

  • Find hidden directories on web server
  • Decrypt clues with base64
  • Edit files to gain information needed

Enumeration

Run nmap scan to find for open ports.

Found a user.

Run a gobuster scan to find for hidden directories.

Found a base64 script

Use cyberchef to decode the base64 code and it is a RSA key.

Foothold

SSH into oscp user with the RSA key

There is txt file call ip that is run by root and sends out the ip address.

Let’s edit the file and list out the root folder in a ls.txt file. Chmod the file to view it. Restart the machine.

Edit the ip file script again to cat the flag.txt file.

Flag is found

Privilege escalation

Even though the flag is found we can gain root access with the following.

/bin/bash indicates a setuid info, these does not seem right.
root shell is gained.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Comments (

0

)

%d bloggers like this: