DIGITALWORLD.LOCAL: JOY

Does penetration testing spark joy? If it does, this machine is for you.

This machine is full of services, full of fun, but how many ways are there to align the stars? Perhaps, just like the child in all of us, we may find joy in a playground such as this.

This is somewhat OSCP-like for learning value, but is nowhere as easy to complete with an OSCP exam timeframe. But if you found this box because of preparation for the OSCP, you might as well try harder. :-)


Enumeration

Let’s enumerate the services one by one.

  • Always keep HTTP enumeration for the end, since it has a larger attack surface.

There is no data on ports 25, 80, 110, 139, 143, 445, 465, 587, 993 and 995.

More Enumeration…

  • We can use the CPFR/CPTO commands in FTP to get a reverse shell, but we require certain parameters for it.
from SNTP enumeration
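
A defender-side check for the FTP copy commands mentioned above, as an added example that is not part of the original write-up: it pairs `SITE CPFR` / `SITE CPTO` commands per session in an FTP command log and flags copies whose destination leaves the FTP root. The log layout, the sample lines and the `/home/ftp/` root are constructed assumptions.

```python
import posixpath
import re

# Constructed sample lines in an assumed "<session-id> <client-ip> <raw FTP command>" layout.
SAMPLE_LOG = """\
s1 10.0.0.5 USER anonymous
s1 10.0.0.5 SITE CPFR /home/ftp/upload/notes.txt
s2 10.0.0.9 SITE CPFR /home/ftp/pub/readme
s1 10.0.0.5 SITE CPTO /var/www/html/notes.txt
s2 10.0.0.9 SITE CPTO /home/ftp/pub/readme.bak
s3 10.0.0.7 SITE CPTO /etc/cron.d/job
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+SITE\s+(CPFR|CPTO)\s+(.+)$", re.IGNORECASE)


def find_copies(log_text, allowed_root="/home/ftp/"):
    """Pair each SITE CPFR with the next SITE CPTO in the same session.

    Returns one dict per CPTO. 'alert' is True when the normalised
    destination is outside allowed_root (assumed FTP root) or when the
    CPTO has no preceding CPFR in that session.
    """
    pending = {}   # session id -> source path awaiting its CPTO
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a server-side copy command
        session, ip, verb, path = m.groups()
        # Normalise so "../" sequences cannot hide the real destination.
        path = posixpath.normpath(path.strip())
        if verb.upper() == "CPFR":
            pending[session] = path
            continue
        src = pending.pop(session, None)
        outside = not (path + "/").startswith(allowed_root)
        findings.append({"session": session, "ip": ip, "src": src,
                         "dst": path, "alert": src is None or outside})
    return findings


if __name__ == "__main__":
    for f in find_copies(SAMPLE_LOG):
        print("ALERT" if f["alert"] else "ok   ", f["ip"], f["src"], "->", f["dst"])
```

On ProFTPD these commands are provided by the mod_copy module, so a server that does not need server-side copies can simply not load it.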

Exploitation

lateral privilege movement,

Privilege Escalation