An Inspiring Write-up from Proving Grounds
As we approach any penetration testing engagement, we start with information gathering. Information gathering in cyber security is a crucial step that should not be skipped, and the same goes for enumeration.
There are many tools that can be used for enumeration or information gathering.
Let's start with an nmap scan:
As shown in the output above, the scan finished and we got some interesting results!
By examining the open port, we can see that anonymous login is allowed, which means we can authenticate to FTP with anonymous credentials.
Let's go to the next step:
As shown above, we can mess around with FTP, and there we go! We found a private key for SSH!
I found a hidden directory called hannah, and in that directory there was a private SSH key!
Let's use that SSH private key to connect to the box using hannah as the username.
Afterwards, for privilege escalation, we use a handy tool for hunting privesc vectors. The tool is called linpeas!
As shown above, I transferred linpeas.sh to the tmp directory to work from there on automating the linpeas scan!
Next we find these possible privesc vectors. Let's check out cpulimit to see if it goes as planned!
I got these results from using this command:
find / -perm -u=s -type f 2>/dev/null
For this to work, the bash binary needs its SUID and SGID bits set. We can accomplish this by running chmod +s through cpulimit.
To get root we enter the following commands:
cpulimit -l 100 -f chmod +s bash
/bin/bash -p
whoami
BINGO!
We got root!
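From the defensive side, the same find sweep is how an unexpected SUID binary such as cpulimit, or a shell that has had +s applied, gets caught. The script below is an added example and not part of the original write-up; the allowlist file and the path shown in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example (defensive): audit SUID/SGID files against an allowlist.
# Usage: audit_suid ROOT ALLOWLIST
#   ROOT      directory tree to scan (on a real host: each local filesystem, as root)
#   ALLOWLIST file with one expected set-id path per line (site-specific assumption)
# Prints "CRITICAL <path>" for a set-id shell and "REVIEW <path>" for any other
# set-id file missing from the allowlist. Returns 1 if anything was reported.

audit_suid() {
    root=$1
    allowlist=$2
    status=0

    # Same idea as the find command in the write-up, widened to SGID and
    # kept on one filesystem (-xdev) so /proc and network mounts are skipped.
    hits=$(find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort)

    while IFS= read -r path; do
        [ -n "$path" ] || continue
        case ${path##*/} in
            # A set-id shell is not expected on a stock system:
            # "bash -p" keeps the elevated effective UID.
            sh|bash|dash|zsh|ksh)
                echo "CRITICAL $path"
                status=1
                continue ;;
        esac
        # Exact whole-line match, so /usr/bin/su does not allowlist /usr/bin/sudo.
        if ! grep -Fxq -- "$path" "$allowlist"; then
            echo "REVIEW $path"
            status=1
        fi
    done <<EOF
$hits
EOF
    return $status
}

# Example call (hypothetical allowlist path):
#   audit_suid / /etc/suid-allowlist.txt
```

Run on a schedule, a non-zero exit gives monitoring something to alert on when a new set-id file appears.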