Funbox Medium box on Offensive Security Proving Grounds - OSCP Preparation.

Hello,

We are going to exploit one of the OffSec Proving Grounds Medium machines, called Funbox. This post is not a fully detailed walkthrough; I will just go through the important points of the exploit process.

Enumeration:

  • Nmap: nmap

  • Enumerating users on WordPress running on port 80 using wpscan:

    wpscan --url http://funbox.fritz.box/ -e u1-20
    
  • Valid WordPress users: users

  • Dictionary attack on SSH using hydra: hydra

Privilege Escalation:

  • Checking funny user home directory: funny-home

    • As shown in the picture above, the script .backup.sh is writable by anyone on the box, and it keeps running, doing a backup to /var/www/html.
  • Exploit .backup.sh script:
    • Generating bash reverse shell payload: netcat

    • Injecting the payload to .backup.sh script: inject

  • Waiting for a few minutes and boom!: root
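
From the defender's side, the root cause above is a script that every local user can edit while a privileged job keeps running it. The audit below is an added example, not part of the original post or the box: the function names, the sample tree and the file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit for world-writable scripts such as .backup.sh.

# Print every regular file under DIR that any local user can write to and that
# is a script candidate (executable by its owner, or named *.sh). find matches
# dot-files too, so hidden scripts like .backup.sh are not missed.
find_world_writable_scripts() {
    find "$1" -xdev -type f -perm -0002 \
        \( -perm -0100 -o -name '*.sh' \) -print 2>/dev/null
}

# Succeeds if FILE itself is writable by "other".
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print 2>/dev/null)" ]
}

# Remove group/other write permission so only the owner can edit the script.
harden_script() {
    chmod go-w -- "$1"
}

# Constructed sample tree (placeholder contents): one unsafe script, one safe
# script, and one writable file that is not a script.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/home/funny"
    printf '#!/bin/sh\necho placeholder backup job\n' > "$tmp/home/funny/.backup.sh"
    printf '#!/bin/sh\necho ok\n' > "$tmp/home/funny/safe.sh"
    printf 'notes\n' > "$tmp/home/funny/notes.txt"
    chmod 0777 "$tmp/home/funny/.backup.sh"
    chmod 0755 "$tmp/home/funny/safe.sh"
    chmod 0666 "$tmp/home/funny/notes.txt"
    echo "before hardening:"; find_world_writable_scripts "$tmp/home"
    find_world_writable_scripts "$tmp/home" |
        while IFS= read -r f; do harden_script "$f"; done
    echo "after hardening:";  find_world_writable_scripts "$tmp/home"
    rm -rf "$tmp"
}
demo
```

Run the finder against home directories and any path a scheduled job executes from; a hit on a script that a privileged job runs is the condition this box depends on.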

Happy Hacking!

This post is licensed under CC BY 4.0 by the author.
