- Author Description
- Host Enumeration
- Squid Enumeration
- Nikto scan via Proxy
- Shellshock Bash Reverse Shell
- Local Enumeration
- Local Privilege Escalation
This CTF gives a clear analogy of how hacking strategies can be performed on a network to compromise it in a safe environment. This VM is very similar to labs I faced in OSCP. The objective is to compromise the network/machine and gain administrative/root privileges on them.
OpenSSH 5.9p1 Debian 5ubuntu1.1 (Ubuntu Linux; protocol 2.0)
Squid http proxy 3.1.19
Inspection of Squid using the Metasploit module auxiliary/scanner/http/squid_pivot_scanning discovered port 80 was exposed via the proxy.
Nikto scan via Proxy
Nikto was configured to use the discovered Squid proxy:
Nikto disclosed the location /cgi-bin/status, indicating the target could be vulnerable to Shellshock.
Shellshock Bash Reverse Shell
Burp Suite was used to manipulate the User-Agent: header to include the bash reverse shell.
A reverse shell was established:
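A detection sketch for the header injection described above, added here as an example and not part of the original write-up: it scans Apache combined-format access log lines for the bash function-definition prefix in the Referer or User-Agent fields and marks whether the request reached a CGI path. The log lines, addresses and the name find_shellshock are constructed for illustration, and it assumes the web server behind the proxy logs in combined format.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)
# Shellshock relies on a header value that starts a bash function definition.
FUNC_DEF = re.compile(r'\(\)\s*\{')

# Constructed sample log lines (documentation addresses, harmless echo command).
SAMPLE_LOG = r'''
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 197 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 0 "-" "() { :; }; /bin/echo CONSTRUCTED-SAMPLE"
192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 21 "() { x; }; /bin/echo CONSTRUCTED-SAMPLE" "curl/7.88"
not a log line
'''

def find_shellshock(log_text):
    """Return one dict per logged header that carries a function definition."""
    hits = []
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if not m:
            continue  # blank or unparseable line
        for field in ("referer", "agent"):
            if FUNC_DEF.search(m.group(field)):
                hits.append({
                    "host": m.group("host"),
                    "time": m.group("time"),
                    "path": m.group("path"),
                    "field": field,
                    # Headers only reach bash's environment through CGI,
                    # so hits on /cgi-bin/ paths deserve first attention.
                    "cgi": m.group("path").startswith("/cgi-bin/"),
                })
    return hits

if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        severity = "HIGH" if hit["cgi"] else "probe"
        print(severity, hit["host"], hit["time"], hit["path"], hit["field"])
```

Requests relayed by Squid appear in the web server's log with the proxy's address as the client, so correlate hits with the proxy's own access log to find the originating host.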
Local enumeration of the system disclosed the file
Local Privilege Escalation
The previously discovered credentials worked for MySQL root, and were reused for the user sickos and again for sudo as the user
Local Privilege Escalation:
Thanks for the VM :)