OSCP Practice with Proving Grounds - DriftingBlue6

  • subluu
  • 2024-06-26
  • 202
Video description: OSCP Practice with Proving Grounds - DriftingBlue6

In this video, we take on DriftingBlue6 from OffSec Proving Grounds Practice in preparation for the OSCP exam. Now, this was an easy-level box that rewards good enumeration and situational awareness. We end up enumerating a web application that allows us to find a zip file.

We then grab credentials from that zip file that allow us to log into the CMS that we discovered. OffSec enjoys using publicly available exploits, so we enumerate the version of the CMS that is running in order to find a vulnerability that allows us to simply upload a PHP reverse shell, which gives us access to the box. We then use a privilege escalation script to identify what privilege escalation methods the machine is vulnerable to, and use a kernel vulnerability to escalate privileges. With all that being said, hope you enjoyed the Proving Grounds walkthrough!

If you guys enjoyed the video and want to see us go through more OSCP practice machines, go ahead and subscribe: @subluu

Timestamps:
0:00 Introduction
0:39 Start of nmap scan
1:23 Start of web application enumeration where we find a robots.txt entry
2:09 Enumerating directories on the web application using FFUF
3:04 Finding a Textpattern CMS running on the web application and trying to find a login for it
5:13 Checking out what the directories we found through FFUF lead to and finding a password-protected zip
5:58 Using zip2john to create a hash from the zip file that is crackable through JTR
7:07 Getting credentials from the zip file and using those creds to log into the CMS
8:00 Logging into Textpattern CMS and enumerating the version to find a public exploit
9:30 Manually exploiting a file upload vulnerability on the CMS and utilizing our directory enumeration in order to find and execute our PHP code
11:07 Troubleshooting our PHP system call to see why it was not working
12:12 Gaining RCE on the machine, and using BurpSuite decoder to create an encoded reverse shell payload and sending it through a POST request
14:46 Beginning of manual enumeration of the backend server and using Python to get a stable TTY shell
16:32 Finding out that the Linux kernel version is vulnerable to the 'Dirty Cow' exploit
17:00 Enumeration of other services running on localhost of the machine
17:25 Finding MySQL credentials and logging into the server to see if there are any other credentials that can be harvested through the database
19:07 Uploading and running linpeas to see if it is able to find that the machine is vulnerable to 'Dirty Cow'
21:38 Finding 'Dirty Cow' on exploit-db, downloading the C file and uploading it to the box
22:21 Compiling dirty.c on the machine with gcc in order to be able to run the exploit
24:33 Cleaning up our mess and replacing the passwd backup file with the modified passwd file

#capturetheflag #hackthebox #cybersecurity #offensivesecurity #oscp #provinggrounds #offsec #ethicalhacking #cybersec
