Gowthamaraj

  • Name: symfonos: 4
  • Difficulty: Intermediate
  • Tested: VirtualBox
  • DHCP Enabled

OSCP-like Intermediate real life based machine designed to teach people the importance of trying harder.

This works better with VirtualBox rather than VMware.

Steps

  1. Port scanning with NMAP
  2. Gobuster on port 80 gives up some dirs and files.
  3. Use SQLi to bypass the auth
  4. there is a LFI, use it to get RCE
  5. Need to port forward the remote port and access the web application
  6. python deserialisation to RCE -> Root

--

--

Gowthamaraj

Gowthamaraj

What could be more fun than breaking stuffs!!!