OSCP

Offsec - OnSystemShellDredd - Feb 27th 2023

1337 Sheets
1337 Sheets
·
Offsec - OnSystemShellDredd - Feb 27th 2023

Started the OSCP playground box to get warmed up again on boxes. Connected hacking boxes with learning music via sheet music. At first, it's based on sheet music until it's memorized and ingrained in muscle memory.

Target: [LAB_IP]

Net Scan: nmap -sC -sV -vv -p- [LAB_IP]

PORT      STATE SERVICE REASON  VERSION

21/tcp    open  ftp     syn-ack vsftpd 3.0.3

|_ftp-anon: Anonymous FTP login allowed (FTP code 230)

| ftp-syst:

|   STAT:

| FTP server status:

|      Connected to ::ffff:[LAB_IP]

|      Logged in as ftp

|      TYPE: ASCII

|      No session bandwidth limit

|      Session timeout in seconds is 300

|      Control connection is plain text

|      Data connections will be plain text

|      At session startup, client count was 1

|      vsFTPd 3.0.3 - secure, fast, stable

|_End of status

61000/tcp open  ssh     syn-ack OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)

| ssh-hostkey:

|   2048 59:2d:21:0c:2f:af:9d:5a:7b:3e:a4:27:aa:37:89:08 (RSA)

| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiOZxbr74TmNuWOBDmPInK6nZnRGfOMtZMJDBErXIPCZR9kdZDqJbkdRlnP8QLGuTl/t8qPgP863Rl1yfJLSv995PQ+oUZTSa21cGulVCtFFCKedJJJF9p2cAyYzjeA9qg1Ja7dOPtyPsSCplYzZcILwXZ52mg1k8VH2HUZ7DO0wMBYWONhkXWRR49gMN+IKge3DXNrfyHtnjMVWTwEtfqjFd+D70qi7UusZyfP2MogDX7LgRWC9RmvS6o8KxYW4psLWDB2dp/Nf3FitenY0UMPKkHrxxjeqfYZhFwENmHAsxzrHJo1acSrNMUbTdWuLzcLHQgMIYMUlmGvDkg31c/

|   256 59:26:da:44:3b:97:d2:30:b1:9b:9b:02:74:8b:87:58 (ECDSA)

| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNXNPAPJkUYF4+uu955+0RpMZKriG9olCwtkPB3j5XbiiB+B7WEVv331ittcLxibSBWqV2OO328ThebB2YF9qvI=

|   256 8e:ad:10:4f:e3:3e:65:28:40:cb:5b:bf:1d:24:7f:17 (ED25519)

|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5tk066endR9DMYxXzxhixx6c8cQ0HjGvYbtL8Lgv91

Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

#Linux target

FTP is open with anonymous FTP login

ftp [LAB_IP]

Connected to [LAB_IP].

220 (vsFTPd 3.0.3)

Name ([LAB_IP]:kali): anonymous

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>

Now to look for files

ftp> ls -alt

229 Entering Extended Passive Mode (|||60483|)

150 Here comes the directory listing.

drwxr-xr-x    3 0        115          4096 Aug 06  2020 ..