Tre — Offensive Security Machine Complete Write-up
OSCP Type intermediate machine
This is one of the official machine from Offensive Security Proving Grounds
So starting of by exporting IP as environment variable and starting out with scanning services and open ports and found
Target IP: 192.168.100.133
Okay, so we got SSH and two HTTP services running and After hoping over to port 80 and found nothing uncommon.
So the wfuzz useful results are shown:
wfuzz -c -z file,/opt/Seclists/big.txt — hc 404 $URL
Using admin:admin as a default creds was able to hop over to $URL/mantisbt
After bruteforcing $URL/mantisbt directory with wfuzz, we got
After reaching to $URL/config/a.txt. BOOM!! we got database creds, using this creds in http://192.168.100.133/adminer.php and yes! it was a successful login
Using SQL command select * from mantis_user_table; and WOW! we got credentials
So I tried with tre creds for ssh and was a correct login!!
Now all I need is to escalate my privileges to gain root access, After recon in the target machine
I checked /usr/bin/check-system permission and then it was good to go
In a new terminal, I used OpenSSL to make a new salted combined username and password in MD5 algorithm as shown
And clearly we are root!!!!
That’s all for now!!!
Until Next time,
Stay Blink Blink
— — — — — — — — — — — — — — —
For any query please reach me out below: