Home Funbox Medium box on Offensive Security Proving Grounds - OSCP Preparation.
Post
Cancel

Funbox Medium box on Offensive Security Proving Grounds - OSCP Preparation.

By bing0o
Posted 2021-12-12 1 min read

Hello,

We are going to exploit one of OffSec Proving Grounds Medium machines which called Funbox and this post is not a fully detailed walkthrough, I will just go through the important points during the exploit process.

Enumeration:

  • Nmap: nmap

  • Enumerating users on Wordpress running on port 80 using wpscan:
    1

    wpscan --url http://funbox.fritz.box/ -e u1-20

  • Valid wordpress users: users

  • Dictionary attack on ssh using hydra: hydra

Privilege Escalation:

  • Checking funny user home directory: funny-home

    • As shown in the picture above the script .backup.sh is writable by anyone on the box and it keeps running doing backup to /var/www/html
  • Exploit .backup.sh script:

    • Generating bash reverse shell payload: netcat

    • Injecting the payload to .backup.sh script: inject

  • Wainting for a few minutes and boom!: root

Happy Hacking!

OSCP, Proving Grounds
oscp medium box PG medium box enumeration wordpress misc privilege escalation linux
This post is licensed under CC BY 4.0 by the author.
Recently Updated
Contents

Tools - Reverse Shell Generator Bash Script.

HAwordy Medium box on Offensive Security Proving Grounds - OSCP Preparation.

Comments powered by Disqus.