arvandy_com_oscp_second_week
Day 8
Exploited Machines (3): Tophat, Dotty, Leftturn
Day 9
Exploited Machines (3): DJ, Susie, Oracle
Day 10
Exploited Machines (3): Hotline, Alpha, Beta
Day 11
Exploited Machines (3): Gamma, Core, Kevin
Day 12
Exploited Machines (3): Mail, JD, Punchout
Day 13
Exploited Machines (3): Pedro, Sean, Joe
Day 14
Exploited Machines (2): Slave and Observer
This week I exploited 20 machines and unlocked the IT Network. Pivoting is required to exploit the machines in the IT network; personally I use
Proxychains with socks4. The lab is getting harder and more interesting, and some of the machines cannot be exploited directly. To exploit them,
the relationship between machines must be found out first. Some of the machines have an easy or unintended way to exploit, but it is always
better to do it the intended way; it teaches a lot.
For the last couple of days, I kept checking the exam slot availability. The slots had been filled until 20 August, but today I checked and
found slots on 14 and 15 August. It could be that some of the students rescheduled their exam dates. I decided to schedule my exam
on 15 August, 15:00.
TIPS:
Post-exploitation enumeration is really important. Make sure you do it and document it, or you are going to need to return to all of the machines you
have exploited.
Some binaries/executables on the machine are not located in the default PATH. If your rev-shell/RCE didn’t work, enumerate more.
If you encounter the login page of certain software, the first thing you need to do is look for its default login credentials on Google.
The developer guide or manual of certain software can be a good resource if you are unfamiliar with the software.
If you see a lot of open ports in the NMAP result, go for the low-hanging fruit first, such as Samba and FTP.
After you get a low-privilege shell, make sure you spawn a TTY shell. Some exploits won’t work without a TTY shell.
OSCP
2 Comments
rowbot
JULY 30, 2018
Great posts. What do you mean by “Some binaries/executables on the machine not located in the default PATH. If your rev-shell/RCE
didn’t work, enumerate more”?
Arvandy
JULY 31, 2018
Thanks rowbot.
For example, you know that a certain programming language such as php is installed on the target machine and you successfully
obtain RCE, but your php reverse shell attempts keep failing.
The reason could be that php is installed in a directory/location that is not defined in the PATH variable of the machine's environment
variables.
So when you execute the php reverse shell command, it will fail because the system cannot find the php binary.