HAwordy Medium box on Offensive Security Proving Grounds - OSCP Preparation.

Hello,

We are going to exploit one of the OffSec Proving Grounds Medium machines, called HAwordy. This post is not a fully detailed walkthrough; I will only go through the important points of the exploitation process.

Enumeration:

  • Nmap scan: [screenshot]

  • Running wpscan against the WordPress instance on port 80, path /wordpress: [screenshot]

  • The exploit: [screenshot]

  • phtml file to upload: [screenshot]

  • RCE: [screenshot]

Privilege Escalation:

  • The wget binary on the system has the SUID bit set: [screenshot]

  • We can add our own root user to the system by overwriting the /etc/passwd file using wget:

    1. Copy the /etc/passwd file to our attack machine.

    2. Create a new user named bingo with the password pwned using openssl: [screenshot]

    3. Add the new user to the downloaded passwd file: [screenshot]

    4. Upload the new passwd file to the target machine and overwrite the remote /etc/passwd using wget: [screenshot]
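
From the defender's side, both conditions this escalation relies on can be checked for. The following is an added example, not part of the original post: it flags passwd entries like the one created in the steps above (a second UID 0 account, a hash stored directly in the passwd file) and lists SUID file-transfer and copy tools. The sample passwd content, the `LOCKED` set and the watch list of binary names are assumptions constructed for illustration.

```python
import os
import stat

# Constructed sample (not taken from the target box): passwd after such an overwrite.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
bingo:$1$CONSTRUCTED$notarealhash:0:0:root:/root:/bin/bash
"""
LOCKED = {"x", "*", "!", "!!"}  # usual placeholders when hashes live in /etc/shadow

def audit_passwd(text):
    """Return (user, reason) findings for passwd-format text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((f"line {lineno}", "malformed entry"))
            continue
        user, pw, uid = fields[:3]
        if uid == "0" and user != "root":
            findings.append((user, "UID 0 account other than root"))
        if pw == "":
            findings.append((user, "empty password field"))
        elif pw not in LOCKED:
            findings.append((user, "password hash stored in passwd"))
    return findings

def suid_file_writers(dirs=("/usr/bin", "/bin", "/usr/local/bin"),
                      names=("wget", "curl", "cp", "dd", "tee")):
    """List tools from a hypothetical watch list that carry the SUID bit."""
    hits = []
    for d in dirs:
        for n in names:
            path = os.path.join(d, n)
            try:
                if os.stat(path).st_mode & stat.S_ISUID:
                    hits.append(path)
            except OSError:
                pass  # not installed in this directory
    return hits

if __name__ == "__main__":
    for who, why in audit_passwd(SAMPLE_PASSWD):
        print(f"[passwd] {who}: {why}")
    for path in suid_file_writers():
        print(f"[suid] {path}")
```

To audit a live host, pass the contents of /etc/passwd to `audit_passwd` instead of the sample; a SUID hit is remediated by clearing the bit with `chmod u-s` on the reported path.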

Happy Hacking!

This post is licensed under CC BY 4.0 by the author.
