Vulnhub InfoSec Prep: OSCP Walkthrough
- by Vince
-
in Blog
-
Hits: 5353
The description states: "This box should be easy. This machine was created for the InfoSec Prep Discord Server as a give way for a 30d voucher to the OSCP Lab, Lab materials, and an exam attempt."
Been a while since I've written I've been focusing heavily on a class but I needed a little distraction, saw the new Vulnhub look and feel, then saw this box. I thought maybe it would be a little more OSCP-like but I think the point was to make it accessible to a wider variety of player.
We kick off with Nmap:
We see the web port and MySQL on another port. We fire up Nikto:
Two things stand out -- /secret.txt and WordPress. We check out the site:
Checking out /secret.txt we find:
Looks like Base64. We decode:
And we get a private key. We save it and give it the proper permissions.
Now we need a username which we find here:
We SSH into the box:
We fire up LinePeas:
And we see that bash has some interesting permissions set. We visit gtfobins:
Executing bash with the -p flag:
And we're root. We just need to get the flag: