Sunsetnoontide Offsec’s proving ground write-up

Cyb0rgBytes
Feb 2, 2024


As always, and as I frequently explain and document in my write-ups, every penetration testing engagement starts with information gathering.

Pinging the target to check if it’s available for communication.

In the image shown above, we ping the target to check if it’s up. The ping command sends ICMP echo requests to the target to check if it’s available for communication and further exploitation.

Next, we scan the target using our handy tool, nmap:

Scanning the target for open ports with nmap.

I already ran the scan; you can check it below:

Scan results.

In the next phase, I looked at the current services and found the right exploit, as shown in the image below:

Using the searchsploit tool, we search Exploit-DB for possible exploits.

The Metasploit module seems a good match, but after trying it, it seems that this exploit isn’t a viable approach!

It seems that the exploit is not working through Metasploit, or maybe it requires some modifications. However, I stumbled upon this webpage after some googling and gained a foothold successfully!

Finding the right exploit after some googling, because the Metasploit module wasn’t working.
Successfully gaining full access, rooted!

Let’s keep going with privilege escalation. It turns out, after some overthinking and trying different methods for privilege escalation, that the PE vector was actually simple: a weak root password.

The password for the root user was root.

Thanks for reading my write-up, stay tuned for the next ones!
