InfoSec Prep OSCP — Walkthrough
Initial Scan
nmap -A -T4 -p- machine-ip
Nmap result shows that there are 3 ports open.
22 — SSH
80 — HTTP
33060 — mysqlx?
Since HTTP is running, let’s enumerate it first.
We could not find anything interesting on the homepage, so let’s dig deeper.
We found /robots.txt, so let’s enumerate that one.
We found another text file listed in robots.txt: /secret.txt.
Bingo, we have base64-encoded data. Let’s decode it and see what they are hiding.
We have an SSH key. Since the nmap scan showed SSH is open, we can now log in to the SSH server with this key.
ssh oscp@machine-ip -i key
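From the defender's side, the exposure above (an SSH key base64-wrapped inside a web-served text file) can be caught by scanning web-root files before they are published. The following is an added example, not part of the original walkthrough; the function names and the sample file contents are constructed for illustration and contain no real key material.

```python
import base64
import binascii
import re

B64_LINE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
PEM_KEY = re.compile(r"-----BEGIN ([A-Z0-9 ]*)PRIVATE KEY-----")
MIN_FIRST_LINE = 20  # shorter base64-looking lines only count as continuations

def base64_blobs(text):
    """Yield runs of consecutive base64-only lines, joined into one string."""
    run = []
    for line in text.splitlines() + [""]:  # trailing "" flushes the last run
        line = line.strip()
        is_b64 = bool(B64_LINE.fullmatch(line))
        if is_b64 and (run or len(line) >= MIN_FIRST_LINE):
            run.append(line)
        else:
            if run:
                yield "".join(run)
            run = []

def find_wrapped_keys(text):
    """Return the PEM headers of private keys hidden inside base64 blobs."""
    headers = []
    for blob in base64_blobs(text):
        blob += "=" * (-len(blob) % 4)  # tolerate stripped padding
        try:
            decoded = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue  # looked like base64 but is not; ignore
        match = PEM_KEY.search(decoded.decode("ascii", errors="ignore"))
        if match:
            headers.append(match.group(0))
    return headers

# Constructed sample: a placeholder "key" (not real key material), base64-encoded
# and wrapped at 64 columns, standing in for a file such as /secret.txt.
FAKE_KEY = (
    "-----BEGIN OPENSSH PRIVATE KEY-----\n"
    "CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY\n"
    "-----END OPENSSH PRIVATE KEY-----\n"
)
_encoded = base64.b64encode(FAKE_KEY.encode()).decode()
SAMPLE_SECRET_TXT = "\n".join(_encoded[i:i + 64] for i in range(0, len(_encoded), 64))
SAMPLE_ROBOTS_TXT = "User-agent: *\nDisallow: /secret.txt\n"

if __name__ == "__main__":
    for name, body in (("robots.txt", SAMPLE_ROBOTS_TXT), ("secret.txt", SAMPLE_SECRET_TXT)):
        print(name, find_wrapped_keys(body))
```

A plain-text search for "PRIVATE KEY" misses this file because the PEM header only appears after decoding, which is why the check decodes each blob first.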
Let’s use find with -perm to look for binaries that run with root privileges.
We found /bin/bash, so let’s try this out.
Bingo, we are root now.
Now navigate to the /root directory and capture your flag.txt.
Thank you :)