Infosec prep

os = linux

difficulty = easy

Nmap scan

lets start the enumeration from port 80.

we have a potential username which is oscp

so going over to the /secret.txt directory gotten from the nmap scan shows base64 encoded chars

decoding it with cyberchef gives ssh private key

so, let’s ssh into the box using the username and the key

Privilege escalation

Checking what binaries have SUID permissions, we find that /bin/bash is misconfigured

find / -perm -u=s -type f 2>/dev/null

so we can easily gain root by abusing it using /bin/bash -p

2nd way of gaining root

found out that the machine is vulnerable to pwnkit

so, exploitng it give us root.

Thanks.