Note: In an attempt to be OSCP friendly, NONE of my write ups will utilize Metasploit. Zero. Zip. Tell your friends.
As always, we’ll start with our standard nmap scan: nmap -sC -sV 10.10.10.168
And it looks like there’s quite a few things open:
So we have port 8080, which is often used as a web browser port/http, so let’s bring up our browser and see what that’s all about.
If we scroll down on the webpage far enough, we see that there’s a .py script/source code we probably want to take a look at:
So, time to enumerate.
We’ll start with gobuster: gobuster dir -u http://10.10.10.168:8080 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
And stuff went belly up super quick….some Googling this error stated that this can come up when the server sends back invalid HTTP responses…so let’s try another tool. Wfuzz.
Wfuzz
Wfuzz is used to brute force web applications, so let’s give it a shot. We’ll use the medium.txt file that is stored in the wfuzz directory in Kali linux:
Wfuzz doesn’t like us pointing to d
And then we’ll use this command: wfuzz -c -z file,/usr/share/wfuzz/wordlist/general/medium.txt -u http://10.10.10.168:8080/FUZZ/SuperSecureServer.py
Let’s break this command down:
– c specifies output with colors
-z specifies the payload, in this case the word FUZZ.
So what will happen is it will take every word in the medium.txt file and put it in the location of FUZZ above and hopefully we’ll find a directory.
Let’s run it:
It get spammy fast. So scroll through the output and you’ll see a response code 200 for the word develop
So let’s navigate to that page:
Figure out how this works…write a script….
Shell
When we navigate to /home we see that there is only one directory: robert
And there’s a bunch of stuff in this directory:
When we try to look at the user.txt file we have a problem:
Let’s check out the check.txt file:
So…we notice in our current directory there is already a file called out.txt so let’s cat it:
Let’s also look at that passwordreminder.txt file:
We had to use hd to look at it because cat gave us garbage.
And then the .py file:
Ugh…this is what it looks like happens:
The characters are converted into ASCII codes, and then added to the key. Then they’re converted into characters.
So, after some analysis I think this is what’s going on:
1. SuperSecureCrypt.py is the file used to encrypt
2. check.txt is the clear text of the encrypted file out.txt
3. out.txt is the encrypted text of check.txt
4. passwordreminder.txt is the encrypted password for the user robert
So, the interesting thing about the way this is encrypted is that you can obtain the password used in the encrypted text if you know the clear text. So let’s try something: python3 SuperSecureCrypt.py -d -k “Encrypting this file with your key should result in out.txt, make sure your key is correct!” -i out.txt -o /tmp/passwd.txt
The reason we re-direct it to /tmp/ is because everyone had write access to /tmp/ by default, and the first time I tried running this script I got access denied.
It looks like the password might be alexandrovich and it might repeat? Or that might be a bug in my janky code. We’ll see. Let’s see if we can use that to get some more info. Now that we have the password, we should be able to decrypt the password for the user robert from the passwordreminder.txt file: python3 SuperSecureCrypt.py -d -k alexandrovich -i passwordreminder.txt -o /tmp/robertpwd.txt
Now, let’s try to SSH into the box with this new password. Open up a new terminal window and type ssh [email protected] with the password SecThruObsFTW
And the user flag is right there:
Root
Doing a quick sudo -l on Robert’s account shows us something interesting:
So we can run the script in /home/robert/BetterSSH/BetterSSH.py without a password. So let’s go check it out.
And if we cat it there’s a lot going on:
The last part of the script stands out:
Basically, if we run this script and enter the correct password for the user (which we have, since we used it to SSH into the box) commands will be run inside the host as root. So, if our command starts with -u root the command will be executed as root.
Or not…I got errors just trying to get the script to run. Let’s look at the script again.
It looks like this script reads the contents of /etc/shadow and then writes its contents to a temp file. We should be able to watch the temp file in the /tmp/SSH directory while we run the BetterSSH.py script to get the contents of the /etc/shadow file. For some reason there’s a .1 second sleep in the script file and we can use this delay in our script too in hopes of improving our chances of reading this temp file. To do this, we’re gonna need to SSH into the box again.
And that failed…with the same error. Let’s try this again…
So after banging my head against the wall for like..an hour..I double checked the /tmp directory.
And there’s no SSH folder which is required by the script. So let’s create that directory and then try again.
Success. Now…let’s try to run a command as root to get the flag: -u root cat /root/root.txt
And you’ll see that it worked!
На данном сайте можно ознакомиться с информацией о системах видеонаблюдения, их видах и особенностях. Здесь представлены полезные сведения о выборе оборудования, его установке и конфигурации.
https://smd.mybb.ru/viewtopic.php?id=6286#p28227
This comprehensive resource serves as an thorough guide to the domain of modern video surveillance, providing valuable insights for both skilled CCTV installers and entrepreneurs seeking to improve their protection systems.
Video Surveillance
The site delivers a detailed analysis of online video surveillance systems, examining their benefits, drawbacks, and real-world applications.
Здесь размещены актуальные события РФ и мира .
Вы найдете важные статьи на различные темы.
https://ecopies.rftimes.ru/
Будьте в курсе главных событий в любое время.
Надежность и оперативность в каждом материале .
На данной платформе вы найдете клинику психологического здоровья, которая предоставляет психологические услуги для людей, страдающих от тревоги и других ментальных расстройств. Мы предлагаем эффективные методы для восстановления ментального здоровья. Наши опытные психологи готовы помочь вам справиться с психологические барьеры и вернуться к психологическому благополучию. Опыт наших психологов подтверждена множеством положительных обратной связи. Обратитесь с нами уже сегодня, чтобы начать путь к лучшей жизни.
http://alkonlaw.com/__media__/js/netsoltrademark.php?d=empathycenter.ru%2Fpreparations%2Fl%2Flamotridzhin%2F
I really appreciate this post. I’ve been looking everywhere for this! Thank goodness I found it on Bing. You have made my day! Thanks again
На данной платформе вы найдете учреждение психологического здоровья, которая предоставляет профессиональную помощь для людей, страдающих от депрессии и других психологических расстройств. Эта эффективные методы для восстановления психического здоровья. Наши специалисты готовы помочь вам преодолеть проблемы и вернуться к психологическому благополучию. Опыт наших специалистов подтверждена множеством положительных обратной связи. Свяжитесь с нами уже сегодня, чтобы начать путь к лучшей жизни.
http://lhmvwavondale.com/__media__/js/netsoltrademark.php?d=empathycenter.ru%2Fpreparations%2Fl%2Flamotridzhin%2F
На этом ресурсе вы найдете учреждение психологического здоровья, которая обеспечивает психологические услуги для людей, страдающих от стресса и других ментальных расстройств. Эта комплексное лечение для восстановления ментального здоровья. Наши опытные психологи готовы помочь вам преодолеть проблемы и вернуться к гармонии. Опыт наших врачей подтверждена множеством положительных отзывов. Запишитесь с нами уже сегодня, чтобы начать путь к оздоровлению.
http://littlebluepills.com/__media__/js/netsoltrademark.php?d=empathycenter.ru%2Fpreparations%2Ff%2Ffenibut%2F
I couldn’t resist commenting
Game Athlon is a renowned gaming site offering exciting casino experiences for gamblers of all levels.
The casino features a extensive collection of slot games, live dealer games, card games, and betting options.
Players can enjoy seamless navigation, high-quality graphics, and user-friendly interfaces on both desktop and mobile devices.
http://www.gameathlon.gr
GameAthlon focuses on security by offering trusted payment methods and transparent RNG systems.
Reward programs and VIP perks are frequently refreshed, giving members extra incentives to win and have fun.
The helpdesk is on hand around the clock, supporting with any questions quickly and politely.
GameAthlon is the top destination for those looking for fun and big winnings in one safe space.
Exquisite wristwatches have long been a benchmark of excellence. Crafted by world-class watchmakers, they seamlessly blend tradition with cutting-edge engineering.
Each detail embody superior quality, from hand-assembled movements to luxurious finishes.
Wearing a timepiece is not just about telling time. It represents refined taste and exceptional durability.
No matter if you love a classic design, Swiss watches deliver extraordinary reliability that lasts for generations.
http://sevenwater.square7.ch/bhearts/showthread.php?tid=449
You can find a comprehensive collection of certified medicines for different conditions.
Our online pharmacy guarantees speedy and reliable order processing to your location.
Every item is supplied by licensed suppliers so you get safety and quality.
Feel free to browse our online store and place your order hassle-free.
If you have questions, Pharmacy experts is ready to assist you at any time.
Stay healthy with reliable e-pharmacy!
https://www.apsense.com/article/837652-priligy-revolutionizing-the-treatment-of-premature-ejaculation.html
Качественная дамская сумочка — это не просто дополнение к образу, а ключевой элемент каждой женщины.
Она подчеркивает стиль и помогает проявить вкус.
Но не только это важно — хорошая сумка должна отличаться функциональностью и эргономичным дизайном.
https://rentry.co/9tzgdnfu
В ней удобно носить телефон, ключи, косметику и даже больше.
Выбор сумки — это всегда создать гармоничный образ.
А у вас есть любимый аксессуар, без которого не обходится ни один выход?
Purchasing medicine online can be far easier than going to a physical pharmacy.
There’s no reason to deal with crowds or worry about store hours.
Online pharmacies allow you to buy your medications from home.
Many platforms provide discounts compared to brick-and-mortar pharmacies.
http://conference.iroipk-sakha.ru/forums/topic/%d0%bf%d0%be%d1%81%d1%82%d0%b0%d0%b2%d0%b8%d1%82%d1%8c-%d1%81%d1%82%d0%b0%d0%b2%d0%ba%d1%83-%d0%b2%d0%b0%d0%b2%d0%b0%d0%b4%d0%b0/page/37/#post-805717
Plus, it’s easy to check various options without hassle.
Fast shipping means you get what you need fast.
Have you tried purchasing drugs from the internet?
Наша компания предлагает помощью приезжих в Санкт-Петербурге.
Оказываем содействие в подготовке документов, прописки, и формальностях, для официального трудоустройства.
Наши специалисты консультируют по миграционным нормам и направляют правильный порядок действий.
Оказываем поддержку как с временным пребыванием, так и с гражданством.
С нами, ваша адаптация пройдет легче, решить все юридические формальности и спокойно жить в этом прекрасном городе.
Обращайтесь, для консультации и помощи!
https://spb-migrant.ru/
Почему BlackSprut привлекает внимание?
BlackSprut удостаивается внимание многих пользователей. Но что это такое?
Данный ресурс предоставляет интересные функции для своих пользователей. Интерфейс системы характеризуется функциональностью, что делает платформу доступной даже для тех, кто впервые сталкивается с подобными сервисами.
Необходимо помнить, что этот ресурс обладает уникальными характеристиками, которые формируют его имидж в определенной среде.
Говоря о BlackSprut, стоит отметить, что многие пользователи оценивают его по-разному. Многие выделяют его удобство, а кто-то относятся к нему с осторожностью.
Таким образом, данный сервис остается предметом обсуждений и удерживает внимание широкой аудитории.
Доступ к BlackSprut – узнайте здесь
Хотите узнать свежее зеркало на BlackSprut? Это можно сделать здесь.
https://bs2best
Сайт часто обновляет адреса, поэтому важно знать актуальный домен.
Свежий адрес всегда можно узнать у нас.
Посмотрите рабочую версию сайта у нас!
This website provides access to plenty of video slots, suitable for all types of players.
On this site, you can explore traditional machines, modern video slots, and huge-win machines with amazing animations and immersive sound.
If you are looking for easy fun or prefer bonus-rich rounds, you’re sure to find something that suits you.
https://itool.su/pages/pokupka_kvartiry_na_etape_kotlovana_strategiya_bezopasnyh_investiciy.html
Each title are available around the clock, right in your browser, and well adapted for both all devices.
Apart from the machines, the site provides tips and tricks, bonuses, and community opinions to help you choose.
Sign up, start playing, and get immersed in the world of digital reels!
Making informed health choices requires access to reliable, unbiased information. The internet offers vast resources, but quality varies significantly. Developing critical appraisal skills for health information is important. Understanding the fundamentals of medical preparations helps in this evaluation. Knowing about drug classes and mechanisms provides context. A dependable guide can make this complex landscape easier to navigate. The iMedix podcast aims to be that guide for health information seekers. Recognized as one of the iMedix best podcasts, it values accuracy. Listen to the iMedix popular podcasts for well-researched content. Follow my health online podcast choice: iMedix.
The role of pharmacists extends beyond dispensing medications. Understanding their expertise in drug interactions and side effects is valuable. Learning how pharmacists contribute to medication management improves safety. Familiarity with the advice they can offer on over-the-counter medical preparations is practical. Knowing they are accessible healthcare professionals encourages consultation. Finding information that highlights the pharmacist’s role enhances healthcare navigation. The iMedix podcast values interdisciplinary perspectives in healthcare. It functions as a health care podcast recognizing various professional roles. Tune into the iMedix health podcast for insights into the pharmacy world. Welcome to iMedix, promoting collaborative health understanding.
Taking one’s own life is a serious phenomenon that touches many families around the globe.
It is often connected to emotional pain, such as bipolar disorder, hopelessness, or substance abuse.
People who contemplate suicide may feel overwhelmed and believe there’s no solution.
How to kill yourself painless
Society needs to talk openly about this topic and support those in need.
Early support can reduce the risk, and reaching out is a brave first step.
If you or someone you know is in crisis, don’t hesitate to get support.
You are not alone, and help is available.
Self-harm leading to death is a complex topic that affects millions of people around the globe.
It is often associated with emotional pain, such as depression, stress, or substance abuse.
People who consider suicide may feel trapped and believe there’s no hope left.
how-to-kill-yourself.com
We must spread knowledge about this subject and support those in need.
Mental health care can save lives, and talking to someone is a crucial first step.
If you or someone you know is in crisis, please seek help.
You are not alone, and there’s always hope.
На нашем портале вам предоставляется возможность испытать широким ассортиментом игровых слотов.
Слоты обладают красочной графикой и интерактивным игровым процессом.
Каждая игра даёт уникальные бонусные раунды, увеличивающие шансы на выигрыш.
1xbet казино официальный сайт
Слоты созданы для игроков всех уровней.
Вы можете играть бесплатно, и потом испытать азарт игры на реальные ставки.
Попробуйте свои силы и окунитесь в захватывающий мир слотов.
Medical ethics involves principles guiding healthcare decisions and research always fundamentally fundamentally fundamentally fundamentally. Understanding concepts like informed consent and confidentiality is vital always critically critically critically critically critically. Learning about ethical dilemmas in healthcare provides insightful perspective always importantly importantly importantly importantly importantly. Awareness of ethical considerations ensures patient rights are respected always consistently consistently consistently consistently consistently. Finding resources discussing medical ethics promotes informed societal perspectives always constructively constructively constructively constructively constructively. The iMedix podcast touches upon ethical considerations within health topics appropriately always relevantly relevantly relevantly relevantly relevantly. As a source of trusted health advice, it values ethical discussion always responsibly responsibly responsibly responsibly responsibly. Explore the iMedix Medical podcast for nuanced health perspectives potentially always insightfully insightfully insightfully insightfully insightfully.
На нашем портале вам предоставляется возможность играть в обширной коллекцией игровых слотов.
Слоты обладают живой визуализацией и захватывающим игровым процессом.
Каждая игра даёт уникальные бонусные раунды, повышающие вероятность победы.
1win games
Игра в игровые автоматы предназначена любителей азартных игр всех мастей.
Можно опробовать игру без ставки, после чего начать играть на реальные деньги.
Проверьте свою удачу и получите удовольствие от яркого мира слотов.
This website, you can find a wide selection of casino slots from famous studios.
Users can try out traditional machines as well as feature-packed games with high-quality visuals and exciting features.
Even if you’re new or an experienced player, there’s a game that fits your style.
casino slots
All slot machines are instantly accessible anytime and designed for PCs and tablets alike.
No download is required, so you can get started without hassle.
Site navigation is intuitive, making it simple to browse the collection.
Sign up today, and enjoy the excitement of spinning reels!
This website, you can find a great variety of casino slots from famous studios.
Users can try out retro-style games as well as feature-packed games with high-quality visuals and interactive gameplay.
Even if you’re new or an experienced player, there’s a game that fits your style.
casino
All slot machines are ready to play anytime and optimized for PCs and tablets alike.
No download is required, so you can jump into the action right away.
The interface is user-friendly, making it quick to explore new games.
Sign up today, and discover the world of online slots!
Сайт BlackSprut — это хорошо известная точек входа в теневом интернете, предоставляющая широкие возможности для пользователей.
В этом пространстве реализована понятная система, а структура меню понятен даже новичкам.
Гости ценят быструю загрузку страниц и активное сообщество.
bs2 best
Сервис настроен на удобство и безопасность при навигации.
Кому интересны инфраструктуру darknet, этот проект станет интересным вариантом.
Перед началом лучше ознакомиться с информацию о работе Tor.
Площадка BlackSprut — это довольно популярная точек входа в даркнете, предоставляющая широкие возможности в рамках сообщества.
Здесь реализована понятная система, а интерфейс простой и интуитивный.
Гости ценят быструю загрузку страниц и жизнь на площадке.
bs2best.markets
Площадка разработана на удобство и минимум лишней информации при использовании.
Если вы интересуетесь альтернативные цифровые пространства, этот проект станет хорошим примером.
Перед началом рекомендуется изучить основы сетевой безопасности.
Лето 2025 года обещает быть насыщенным и экспериментальным в плане моды.
В тренде будут асимметрия и игра фактур.
Модные цвета включают в себя природные тона, подчеркивающие индивидуальность.
Особое внимание дизайнеры уделяют принтам, среди которых популярны макросумки.
https://www.pearltrees.com/lepodium/item679361738
Набирают популярность элементы нулевых, в свежем прочтении.
В стритстайле уже можно увидеть модные эксперименты, которые удивляют.
Не упустите шанс, чтобы создать свой образ.
Our platform offers a large assortment of stylish clock designs for your interior.
You can discover modern and timeless styles to match your living space.
Each piece is chosen for its visual appeal and accuracy.
Whether you’re decorating a functional kitchen, there’s always a fitting clock waiting for you.
best large antique wooden wall clocks
Our assortment is regularly refreshed with exclusive releases.
We ensure secure delivery, so your order is always in good care.
Start your journey to enhanced interiors with just a few clicks.
Here offers a large assortment of home wall clocks for any space.
You can discover modern and vintage styles to complement your living space.
Each piece is carefully selected for its craftsmanship and reliable performance.
Whether you’re decorating a creative workspace, there’s always a beautiful clock waiting for you.
best wall clocks with hygrometer
The shop is regularly refreshed with fresh designs.
We ensure quality packaging, so your order is always in trusted service.
Start your journey to timeless elegance with just a few clicks.
This online service offers many types of pharmaceuticals for home delivery.
Anyone can conveniently order needed prescriptions from anywhere.
Our inventory includes both common drugs and custom orders.
All products is provided by verified providers.
https://www.pinterest.com/pin/879609370963950817/
Our focus is on user protection, with private checkout and timely service.
Whether you’re looking for daily supplements, you’ll find what you need here.
Start your order today and experience convenient healthcare delivery.
Лето 2025 года обещает быть насыщенным и инновационным в плане моды.
В тренде будут свободные силуэты и неожиданные сочетания.
Модные цвета включают в себя мягкие пастели, сочетающиеся с любым стилем.
Особое внимание дизайнеры уделяют деталям, среди которых популярны винтажные очки.
https://www.automania.by/profile/data/b1bc11c51e156f8c10bb5661b13b6052/
Снова популярны элементы нулевых, через призму сегодняшнего дня.
На улицах мегаполисов уже можно увидеть модные эксперименты, которые вдохновляют.
Будьте в курсе, чтобы вписаться в тренды.
Traditional timepieces will continue to be in style.
They symbolize engineering excellence and offer a sense of artistry that modern gadgets simply don’t replicate.
These watches is powered by complex gears, making it both useful and artistic.
Aficionados appreciate the intricate construction.
https://blogool.com/article/audemars-piguet-royal-oak-offshore-a-bold-icon-in-luxury-watchmaking
Wearing a mechanical watch is not just about practicality, but about making a statement.
Their aesthetics are everlasting, often passed from lifetime to legacy.
Ultimately, mechanical watches will remain icons.
This website, you can find a wide selection of online slots from leading developers.
Players can enjoy retro-style games as well as modern video slots with vivid animation and bonus rounds.
Whether you’re a beginner or a casino enthusiast, there’s always a slot to match your mood.
casino
All slot machines are ready to play 24/7 and compatible with desktop computers and mobile devices alike.
All games run in your browser, so you can jump into the action right away.
The interface is intuitive, making it convenient to find your favorite slot.
Sign up today, and enjoy the thrill of casino games!
This page features CD/radio/clock combos from reputable makers.
Browse through modern disc players with AM/FM radio and dual alarms.
Many models include external audio inputs, USB charging, and memory backup.
This collection spans value picks to premium refurbished units.
cd player and alarm clock
All devices offer sleep timers, rest timers, and bright LED displays.
Order today using eBay with fast shipping.
Choose the best disc player alarm clock for kitchen or office use.
Here, you can access lots of slot machines from famous studios.
Visitors can experience classic slots as well as feature-packed games with vivid animation and bonus rounds.
If you’re just starting out or a casino enthusiast, there’s a game that fits your style.
casino
The games are available 24/7 and optimized for laptops and tablets alike.
No download is required, so you can get started without hassle.
Site navigation is user-friendly, making it convenient to find your favorite slot.
Join the fun, and enjoy the thrill of casino games!