OSCP Walkthrough

Scanning the box with “nmap -A -T4 -p- -vv”

There is a file called “secret.txt”. Visiting this file, we can see a base64 string that we can decode:

It contains an SSH private key, so the only thing we need now is the username. But first, let’s save the key to a file named id_rsa and give it permissions of 600:

Back to the nmap results, we can see that port 80 is open, so let’s visit the webpage:

As we can see from the webpage, there is only one username, which is “oscp”. We already have the SSH key, so let’s log in:

chmod 600 id_rsa

ssh -i id_rsa oscp@

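We got in. Now we need to break out of the shell jail and enumerate our way to root:

This was very straightforward: we became root just by running “/bin/bash -p”. The -p flag makes bash keep its effective UID instead of dropping it, so this only works because /bin/bash is SUID root on this box.

And we’re done!!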
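
A defender-side check for the secret.txt finding above, where a file served from the web root held a base64-encoded SSH private key. This is an added example, not part of the original walkthrough: it scans a directory for private keys stored in plain or base64 form. The function names, the 40-character threshold and the sample key are constructed for illustration.

```python
import base64
import binascii
import re
from pathlib import Path

# Header lines that mark private key material (PEM and OpenSSH formats).
KEY_MARKER = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
# Runs of base64 text; line breaks allowed because encoders often wrap output.
B64_RUN = re.compile(rb"(?:[A-Za-z0-9+/][\r\n]*){40,}={0,2}")


def find_key_material(data: bytes) -> list[str]:
    """Return findings for one file's bytes: plain or base64-wrapped keys."""
    findings = []
    if KEY_MARKER.search(data):
        findings.append("plaintext private key")
    for match in B64_RUN.finditer(data):
        blob = re.sub(rb"\s+", b"", match.group())
        blob += b"=" * (-len(blob) % 4)      # repair stripped padding
        try:
            decoded = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue                          # not valid base64, skip this run
        if KEY_MARKER.search(decoded):
            findings.append("base64-encoded private key")
    return findings


def scan_web_root(root: str, max_bytes: int = 1_000_000) -> dict[str, list[str]]:
    """Walk a web root and map each offending file path to its findings."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.stat().st_size <= max_bytes:
            hits = find_key_material(path.read_bytes())
            if hits:
                report[str(path)] = hits
    return report


# Constructed sample: a fake key body, base64-encoded the way secret.txt was.
FAKE_KEY = (b"-----BEGIN OPENSSH PRIVATE KEY-----\n"
            b"Y29uc3RydWN0ZWQgc2FtcGxlLCBub3QgYSByZWFsIGtleQ==\n"
            b"-----END OPENSSH PRIVATE KEY-----\n")
SAMPLE_SECRET_TXT = base64.b64encode(FAKE_KEY)

if __name__ == "__main__":
    print(find_key_material(SAMPLE_SECRET_TXT))
```

Run scan_web_root against the directory the web server publishes (for example as a deployment check) and treat any non-empty report as a reason to remove the file and rotate the key.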
