I just spotted a vm on Vulnhub that promised to be like OSCP. So i had to grab it: https://www.vulnhub.com/entry/sickos-11,132/
It was quite easy but still a lot of fun! As I managed to root it in roughly 45 minutes and the exploitation path is quite obvious im going with a minimalistic walkthrough.
Here we go:
1. Every good day starts with a nmap scan!
Given that im in a VM I just went in loud:
2. Im as hard as a jelly fish
One thing always to go for with an open proxy is to see if you can access a webserver that is only listening on the loopback interface:
3. webserver problem? nikto will find it
So much vulns so wow:
Definitely some shellshock here but I went another way:
5. the server who cried wolf
A small cms called “wolfcms”:
I can already smell where this is going! But how to get to the admin login?
/admin, /login and other usual suspects do not work…. Lets ask google:
Where is waldo….errrr admin? -> /?admin
Can you guess it?
6. Never go full retard! But always go with admin:admin first!
At this point i figured this will be an easy one:
7. We’ve got shell \o/
Some basic postexploit reconnaissance:
Equipped with the mysql root pw lets check for PW reuse!
8. This… was… too… easy… :)
This was rather easy but still fun! A refreshing contrast to all those reverse engineering hardcore VMs which are dominating vulnhub lately!
Props to D4rk (@D4rk36) for this! Even an “easy” VM is still loads of work to prepare and I really appreciate that! Also he is spot on with this being a lot like OSCP. If you have done OSCP, hacking this VM feels kinda natural :)