This is a super friendly box intended for beginners.

Enumeration

  • SSH
  • DNS
  • POP3 / IMAP
  • HTTP

Steps to hack

  1. Get the hint on the Apache default page.
  2. Enumerate users using wpscan on the WordPress site.
  3. Brute-force the login to find the password.
  4. Log in and upload the reverse shell.
  5. Once inside, look around the home dir.
  6. Find the root pwd and become root.
  • Level: Beginner-Intermediate
  • flags: user.txt and root.txt
  • Description: The machine is compatible with both VirtualBox and VMware. DHCP will assign an IP automatically. You’ll see the IP right on the login screen. You have to find and read two flags (user and root), which are present in user.txt and root.txt respectively.
  • Format: Virtual Machine (Virtualbox — OVA)
  • Operating System: Linux

Enumeration

  • Name: symfonos: 4
  • Difficulty: Intermediate
  • Tested: VirtualBox
  • DHCP Enabled

OSCP-like Intermediate real life based machine designed to teach people the importance of trying harder.

This works better with VirtualBox rather than VMware.

Steps

  1. Port scanning with Nmap.
  2. Gobuster on port 80 gives up some dirs and files.
  3. Use SQLi to bypass the auth.
  4. There is an LFI; use it to get RCE.
  5. Port forward the remote port to access the web application.
  6. Python deserialisation to RCE -> Root

Gowthamaraj

What could be more fun than breaking stuffs!!!
