
Loly Medium box on Offensive Security Proving Grounds - OSCP Preparation.

Hello,

We are going to exploit one of the OffSec Proving Grounds Medium machines, called Loly. This post is not a fully detailed walkthrough; I will just go through the important points of the exploitation process.

Enumeration:

  • Nmap: image

  • Using wpscan against WordPress running on port 80:

    wpscan --rua --url http://loly.lc/wordpress/ -P /usr/share/wordlists/rockyou.txt

  • We found valid credentials for WordPress:

image
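
From the defender's side, the `-P` wordlist run above shows up in the web server's access log as a burst of POSTs to a WordPress authentication endpoint from one source, and because `--rua` replaces the scanner's default User-Agent, matching on the User-Agent string is not a reliable signature. The following is an added example, not part of the original post: it flags such bursts by rate and notes whether a form login ended in a redirect. The threshold, the window, the combined log format, and the sample lines and IP addresses are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
AUTH_PATHS = ("/wp-login.php", "/xmlrpc.php")  # where WordPress password guesses are POSTed


def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Map each source IP to (peak POSTs to an auth endpoint within `window`,
    whether a wp-login.php POST got a 302), for IPs whose peak >= threshold."""
    stamps, redirected = defaultdict(list), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]
        if not path.endswith(AUTH_PATHS):
            continue
        stamps[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
        # WordPress answers a failed form login with 200 and a successful one with 302.
        if path.endswith("/wp-login.php") and m["status"] == "302":
            redirected.add(m["ip"])
    flagged = {}
    for ip, times in stamps.items():
        times.sort()
        start = peak = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = (peak, ip in redirected)
    return flagged


def _line(ip, hhmmss, method, path, status, ua="Mozilla/5.0 (X11; Linux x86_64)"):
    return f'{ip} - - [12/Mar/2024:{hhmmss} +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'

# Constructed sample access log (documentation IP ranges, not data from the Loly box).
LOGIN = "/wordpress/wp-login.php"
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"10:00:{s:02d}", "POST", LOGIN, 200) for s in range(7)]
    + [_line("203.0.113.7", "10:00:07", "POST", LOGIN, 302),      # guess that worked
       _line("203.0.113.7", "10:00:08", "GET", "/wordpress/wp-admin/", 200),
       _line("198.51.100.20", "10:05:00", "POST", LOGIN, 200),    # one user, one typo
       _line("198.51.100.20", "10:05:40", "POST", LOGIN, 302)])

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

A flagged source whose second field is true is the case that matters most: the guessing stopped because a password was accepted, so that account's credentials need rotating, not just the source blocking.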

Getting Shell:

  1. First, let's make a shell and zip it: image

  2. Uploading the shell: image

  3. Access the shell: image

  4. We got RCE: image

Privilege Escalation:

  • Creds in the wp-config.php file:

    /** MySQL database username */
    define( 'DB_USER', 'wordpress' );

    /** MySQL database password */
    define( 'DB_PASSWORD', 'lolyisabeautifulgirl' );

  • Switching to the loly user using the password that we found in the wp-config.php file: image

Kernel Exploit:

  • Enumeration: image

  • The Exploit:
    • https://packetstormsecurity.com/files/148517/Linux-Kernel-Local-Privilege-Escalation.html
  • Getting root: image

Happy Hacking!

This post is licensed under CC BY 4.0 by the author.
