OSCP: Easy [Vulnhub] Walkthrough | Writeup

Hello Hackers,

Happy New Year everyone!!

Have a sparkling New Year!

Let’s read some Cybersecurity Blogs

Today we are going to solve the OSCP machine. It is an EASY-level machine that you can download from VULNHUB.

Let’s start. The first thing you need to do is start the machine in VirtualBox.

We do not need to ping-scan the whole network to find the IP address of the machine; it is shown on the machine itself.

STEP 1 :

Scan the network using “Nmap” to find the open ports & their versions.

sudo nmap -v -A $IP
-v = verbose
-A = Aggressive

We have found 2 open ports: 22 & 80

(22 – SSH & 80 – WEB)

Nmap has also reported something very interesting that cuts down our directory search time.

STEP 2 :

Explore the website (reconnaissance) and look for important data that can help us get a shell.

I found a username, “OSCP”, in the website’s blog.

STEP 3 :

Check the path that we got from Nmap: “/secret.txt”.

STEP 4 :

Decode the base64-encoded string with whatever tool you prefer. The result will look like this…

We got a Private SSH key, this will help us to take the SSH shell…

STEP 5 :

Save this key somewhere. I have saved it in my home directory as “id_rsa”.

Once you have saved the file, you need to set its permissions so that only the owner can read and write it.

chmod 600 id_rsa

STEP 6 :

We have a user “oscp” and a private key, so we can easily get an SSH shell using these two things.

sudo ssh oscp@$IP -i id_rsa
-i = identity file

STEP 7 :

Now we need to look around and find files whose permissions will help us escalate our privileges.

We can run a script that automates checking file permissions and running services and reports the results to us.

Copy the content from here to the machine or download it using “wget”, give permission to the file (+x,777), and simply execute it using “./

STEP 8 :

Now we need to go through the output carefully. After checking everything, we found something interesting: the “/bin/bash” file has been given the “suid” (set user ID) permission.

STEP 9 :

Search for a known technique that abuses this; you can refer to the “GTFObins” (privilege escalation) website.

Once you are there, read the steps for the bash suid exploit.

STEP 10 :

Use this command to get the “root” shell.

/bin/bash -p

Here we got the root shell “#”, and now we just have to search for the flag, which is usually kept in the /root directory.

We got the flag…!!
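The misconfiguration used in steps 8 to 10 is easy to audit for from the defender's side: bash normally drops the effective UID when it differs from the real UID, and -p disables that, so a setuid-root shell hands root to any local user. The following is an added example, not part of the original walkthrough; the function names and the list of risky names are assumptions chosen for illustration and are not exhaustive.

```sh
#!/bin/sh
# Added example: flag setuid shells and interpreters under the given directories.
# SUID_RISKY_NAMES is an illustrative assumption, not a complete list.
SUID_RISKY_NAMES="bash sh dash zsh ksh csh tcsh python python3 perl ruby"

# is_risky_name NAME: succeeds if NAME is a shell/interpreter from the list.
is_risky_name() {
    for n in $SUID_RISKY_NAMES; do
        if [ "$1" = "$n" ]; then
            return 0
        fi
    done
    return 1
}

# audit_suid_shells DIR...
# Prints "RISKY <path>" for a setuid shell/interpreter and "review <path>"
# for any other setuid file. Returns 1 if at least one RISKY file exists.
# Assumes file names do not contain newlines.
audit_suid_shells() {
    find "$@" -type f -perm -4000 2>/dev/null | sort | {
        found=0
        while IFS= read -r f; do
            if is_risky_name "$(basename "$f")"; then
                echo "RISKY $f"
                found=1
            else
                echo "review $f"
            fi
        done
        # Status of the whole pipeline: non-zero when something risky was seen.
        [ "$found" -eq 0 ]
    }
}

# Typical use on a host:  audit_suid_shells /bin /usr/bin /usr/local/bin
# Remediation for a flagged shell:  chmod u-s <path>
```

Any line marked "review" is a setuid binary that should be compared against the distribution's expected set.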

It’s done for today, Bye!!!

Happy Hacking!!
