Tre — Offensive Security Machine Complete Write-up

OSCP-type intermediate machine

This is one of the official machines from Offensive Security Proving Grounds.

I started off by exporting the IP as an environment variable, then scanned for services and open ports and found:

Target IP: 192.168.100.133

Okay, so we got SSH and two HTTP services running. After hopping over to port 80, I found nothing uncommon.

The useful wfuzz results are shown:

wfuzz -c -z file,/opt/Seclists/big.txt --hc 404 $URL

Using admin:admin as default creds, I was able to hop over to $URL/mantisbt.

After brute-forcing the $URL/mantisbt directory with wfuzz, we got:

After reaching $URL/config/a.txt, BOOM!! We got database creds. Using these creds at http://192.168.100.133/adminer.php, yes! It was a successful login.

Using the SQL command select * from mantis_user_table; and WOW! We got credentials.

So I tried the tre creds for SSH and it was a correct login!!

Now all I need is to escalate my privileges to gain root access. After recon on the target machine:

I checked the permissions on /usr/bin/check-system and then it was good to go.

In a new terminal, I used OpenSSL to make a new salted, combined username and password with the MD5 algorithm, as shown:

And clearly we are root!!!!
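From the defender's side, the permission check on /usr/bin/check-system mentioned above can be automated for any executable. This is an added example, not part of the original write-up; it assumes the concern is write access by accounts other than the file's owner, and the function name, arguments and sample file are constructed.

```shell
#!/bin/sh
# Added example (not from the write-up). Needs GNU stat and readlink.
# Function name, arguments and the sample file are constructed.

# audit_write_access FILE [STOP_DIR]
# Prints one line for FILE and each parent directory up to STOP_DIR
# (default /) that group or others can write to.
# Returns 0 if clean, 1 if anything was reported, 2 if FILE is missing.
audit_write_access() {
    [ -e "$1" ] || return 2
    path=$(readlink -f -- "$1")        # resolve symlinks to the real file
    stop=$(readlink -f -- "${2:-/}")
    found=0
    while :; do
        mode=$(stat -c '%a' -- "$path")
        # Octal 022 masks the group-write and other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            stat -c 'WRITABLE %a %U:%G %n' -- "$path"
            found=1
        fi
        if [ "$path" = "$stop" ] || [ "$path" = "/" ]; then
            break
        fi
        # A writable parent directory lets the file be replaced outright.
        path=$(dirname "$path")
    done
    return "$found"
}

# Constructed demo: a script others can write to, inside a private directory.
demo() {
    d=$(mktemp -d) && chmod 700 "$d"
    printf '#!/bin/sh\n' > "$d/check-system-sample"
    chmod 757 "$d/check-system-sample"
    audit_write_access "$d/check-system-sample" "$d"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "findings reported (exit status $?)"
```

Sticky world-writable directories such as /tmp are reported too, so pass a STOP_DIR when auditing files kept under one.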

That’s all for now!!!

Until Next time,

Stay Blink Blink

— — — — — — — — — — — — — — —

For any queries, please reach out to me below:

LinkedIn: https://www.linkedin.com/in/user-neeleshpatel/

Cybersecurity | CTFs | Networking |

Neelesh Patel