PRIME: 1 | Writeup

This machine is designed for those who are trying to prepare for the OSCP or the OSCP exam.

This is the first level of the Prime series. Some help is given at every stage. The machine is lengthy, as OSCP and Hackthebox’s machines are designed to be.

So your target is to get the root flag as well as the user flag.


Enumeration

We only have port 80, so enumerate it hard.

Nothing critical from nikto.

After running gobuster against port 80, I found a lead:

It asks us to find a parameter in the *.php files.
It is getting CTF-ish 👻
Got the right parameter.

Let’s wfuzz it:

Hint

We have victor, saket, and the password follow_the_ippsec.

We can log in to WordPress using the credentials:

victor:follow_the_ippsec
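
Seen from the server side, the parameter hunt above shows up in the access log as one client requesting the same .php path with many different query parameter names, nearly all answered with the same response size. The following detector is an added example, not part of the original writeup; the log lines, IP addresses, the path /index.php, the parameter names and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Apache/nginx combined log format: ip - - [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_param_fuzzing(lines, min_names=5, min_baseline_share=0.8):
    """Return {(ip, path): report} for clients that tried many distinct query
    parameter names on one .php path and mostly got the same response size."""
    seen = defaultdict(lambda: defaultdict(set))  # (ip, path) -> size -> names
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m["target"])
        if not url.path.endswith(".php"):
            continue
        for name, _ in parse_qsl(url.query, keep_blank_values=True):
            seen[(m["ip"], url.path)][m["size"]].add(name)
    findings = {}
    for key, by_size in seen.items():
        names = set().union(*by_size.values())
        if len(names) < min_names:
            continue  # a handful of parameter names is normal browsing
        baseline = max(by_size.values(), key=len)  # names sharing the common size
        if len(baseline) / len(names) < min_baseline_share:
            continue  # responses vary too much to look like name guessing
        # Names never answered with the baseline size are the ones the
        # application reacted to: review that script's handling of them first.
        findings[key] = {"names_tried": len(names),
                         "outliers": sorted(names - baseline)}
    return findings

def _line(ip, target, size):
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {target} HTTP/1.1" '
            f'200 {size} "-" "constructed-client"')

# Constructed sample: one client guessing names, one ordinary visitor.
SAMPLE = [_line("192.0.2.10", f"/index.php?{n}=x", 136)
          for n in ("id", "page", "cmd", "debug", "path", "user")]
SAMPLE.append(_line("192.0.2.10", "/index.php?lookup=x", 206))
SAMPLE.append(_line("198.51.100.7", "/index.php?lookup=report", 206))

if __name__ == "__main__":
    print(find_param_fuzzing(SAMPLE))
```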


Exploitation

Edit the theme file secret.php with PHP reverse shell code.

Privilege Escalation

I used the kernel exploit for CVE-2017-16995 to escalate privileges.

