Gowthamaraj

  • Level: Beginner-Intermediate
  • flags: user.txt and root.txt
  • Description: The machine is VirtualBox as well as VMWare compatible. The DHCP will assign an IP automatically. You’ll see the IP right on the login screen. You have to find and read two flags (user and root) which is present in user.txt and root.txt…

--

--

  • Name: symfonos: 4
  • Difficulty: Intermediate
  • Tested: VirtualBox
  • DHCP Enabled

OSCP-like Intermediate real life based machine designed to teach people the importance of trying harder.

This works better with VirtualBox rather than VMware.

Steps

  1. Port scanning with NMAP
  2. Gobuster on port 80 gives up some dirs and files.
  3. Use SQLi to bypass the auth
  4. there is a LFI, use it to get RCE
  5. Need to port forward the remote port and access the web application
  6. python deserialisation to RCE -> Root

--

--

Gowthamaraj

Gowthamaraj

What could be more fun than breaking stuffs!!!