INFOSEC OSCP VOUCHER
- Layout for this exercise:
1 - INTRODUCTION
- The goal of this exercise is to develop a hacking process for the vulnerable machine InfoSec OSCP Voucher, from the VulnHub pentesting platform.
https://www.vulnhub.com/entry/infosec-prep-oscp,508/
- Once the virtual machine has been downloaded and extracted with VirtualBox:
2 - ENUMERATION
- Scanning with Nmap:
- Scanning port 80 in more depth, we find robots.txt and the file secret.txt:
- Browsing the web server:
- However, the most interesting piece of information is at the bottom of the page: "the only user on this box is oscp"
- secret.txt is a large text file ending with ==, so it is probably Base64-encoded:
- Transferring secret.txt to Kali:
- Decoding secret.txt and writing the output to a new file named key, we discover it is an OpenSSH private key:
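- From the defender's side, the exposure found above (a private key served as Base64 text from the web root) can be checked for before a server goes live. The script below is an added example, not part of the original walkthrough; the function names and the sample files it builds are constructed for illustration:

```bash
# Flags files under a web root that are, or Base64-decode to, a private key.
# PEM header shared by OpenSSH, RSA, EC and PKCS#8 private keys.
KEY_MARKER='-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----'

# Print "plain" or "base64" if the file holds a private key, else return 1.
classify_key_file() {
    f=$1
    if grep -q -e "$KEY_MARKER" "$f" 2>/dev/null; then
        echo plain
        return 0
    fi
    # Strip whitespace so wrapped Base64 decodes; decode errors are ignored.
    if tr -d ' \t\r\n' < "$f" | base64 -d 2>/dev/null | grep -q -a -e "$KEY_MARKER"; then
        echo base64
        return 0
    fi
    return 1
}

# List every regular file under the given directory that exposes a key.
scan_webroot() {
    find "$1" -type f | while IFS= read -r path; do
        if kind=$(classify_key_file "$path"); then
            printf '%s\t%s\n' "$kind" "$path"
        fi
    done
}

# Build a throwaway directory of constructed sample files (no real key material).
make_sample_webroot() {
    d=$(mktemp -d)
    fake='-----BEGIN OPENSSH PRIVATE KEY-----
CONSTRUCTED-SAMPLE-NOT-A-REAL-KEY
-----END OPENSSH PRIVATE KEY-----'
    printf '%s\n' "$fake" | base64 > "$d/secret.txt"   # encoded, as on this box
    printf '%s\n' "$fake" > "$d/backup.key"            # plain PEM
    printf 'User-agent: *\nDisallow: /secret.txt\n' > "$d/robots.txt"
    echo "$d"
}

# Demo: run the file with --demo to scan the constructed sample directory.
if [ "${1:-}" = "--demo" ]; then
    scan_webroot "$(make_sample_webroot)"
fi
```

Pointed at a real document root, scan_webroot prints one tab-separated line per offending file, which makes it easy to fail a deployment check when the output is not empty.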
3 - EXPLOITATION
- Setting the right permissions on key:
- Now we can SSH with user oscp and key:
4 - PRIVILEGE ESCALATION
- Looking for binaries with the SUID bit set, let's focus our attention on /usr/bin/bash:
- Finally, it is easy to get a root shell by running /usr/bin/bash with the -p option:
5 - CAPTURING THE FLAG
- Going to root's folder and reading the flag: