ADITYA'S BLOG

Welcome to the walkthrough of InfoSec Prep: OSCP walkthrough. It is a beginner-level boot2root machine and it can be downloaded from  here . I cracked this machine literally 5 minutes after it booted properly. So you can consider this machine the easiest.  Hint: Nmap Finding secret.txt and decoding it. Login via ssh. Privilege escalation to root via SUID binary.  Boot up the machine and it should show the IP address. We start off by pinging the box to verify that the box is up and running and we can reach out to it. Command: ping <IP> Then we can run Nmap scan to look for open ports and services running on the box. We will use -sC for running default scripts, -sV for Version/Service info and -T4 for faster execution, and -o for saving the result on a file named nmap The command is: sudo nmap -sC -sV -T4 <IP> -o filename Looking at the scan results, port 22 is open and running ssh, and port 80 is open, and it's running Apache. We can also see a directory named secret.txt

HackTheBox  is an excellent platform for various pen-testers to increase their testing skills and increasing knowledge. Machine Level -Easy Machine Name -Lame Machine OS -Linux Machine IP -10.10.10.3 Tools: Nmap  -Nmap is a fantastic tool for scanning open ports, services, and OS detection. You can use other tools other than Nmap (whichever you are more comfortable with ) like Masscan, SPARTA, etc to scan for open ports. Metasploit  -One of the most common and widely used tools by pen-testers to launch exploits, it is maintained by Rapid 7. Many books are available to understand the features of this tool. We will be performing the attack by two methodologies (using and without using Metasploit). Methodology 1 (using Metasploit) Scanning the machine is the first step(i.e. Enumeration). We use the following Nmap command, nmap -sSVC 10.10.10.3 (we can run the command with sudo privileges if an error occurs regarding privileges.) The command scans for only open p