OSCP Practice with Proving Grounds Press











Video: http://youtube.com/watch?v=zr_HSFFaqQk

In this video, we take on Press from OffSec Proving Grounds Practice in preparation for the OSCP exam. This was an Intermediate-level box, although if your enumeration is on point you can find the version of a blog-hosting CMS, which allows for exploit research. OffSec likes to include publicly available exploits, so after searching you find a file upload bypass vulnerability in the CMS that allows you to upload a PHP file, in which you have to include the magic bytes of a GIF in order to have the application run the code. We are then able to gain access to the box by executing commands through that file. You then run some basic manual enumeration to find sudo permissions set on a binary for your current user and use those permissions to escalate privileges. With all that being said, hope you guys enjoy the Proving Grounds walkthrough!

If you guys enjoyed the video and want to see us go through more OSCP practice machines, go ahead and subscribe: @subluu

Timestamps:
0:00 Introduction
0:28 Start of nmap scan
1:51 Start of the web application enumeration
2:58 Testing the 'contact us' functionality to see if it is vulnerable to XSS but not finding anything
3:40 Concluding that the HTTP server on port 80 is simply a template website with no real functionality
3:56 Starting the enumeration of the web server on port 8089 to find a Flatpress CMS
4:26 Using the nmap version scan to identify the version of the CMS and searching for a public exploit for that version
5:00 Finding a file upload bypass vulnerability in the version of Flatpress that was present
5:44 Logging into the CMS with default credentials
6:22 Creating a PHP system call with a GIF magic byte in order to have the system identify the file as an image
7:30 Going over magic bytes of different file types
8:30 Uploading our PHP file to the website and using open source resources to find where we could access the file that was uploaded
9:41 Creating a file with a bash reverse shell, encoding it in base64 and sending it through the cmd parameter to get a reverse shell
11:42 Beginning of manual enumeration of the backend server
12:17 Looking for MySQL database credentials but coming up with nothing
13:46 Checking sudo privileges to see that we have access to run a specific binary
14:25 Using the apt-get changelog feature, which uses the less pager, to spawn a bash shell as root
15:10 Using GTFOBins to find another way to use apt-get to escalate privileges
15:57 Using a configuration option within apt-get to set a Pre-Invoke function that runs a command before the update function of apt-get
16:57 Going to the apt-get man pages to see how the configuration option actually works and how it can be used

#capturetheflag #hackthebox #cybersecurity #offensivesecurity #oscp #tryhackme #cybersec #provinggrounds #offsec #ctf #ethicalhacking
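The upload bypass described above works because a check that only looks at the leading magic bytes treats any file starting with a GIF signature as an image. The following is an added example, not code from the video or from Flatpress: a server-side check that a defender could apply instead, with the function names, the script-extension list and both sample files constructed for illustration.

```python
import re

# Leading signatures for the image types the upload form allows (assumed allowlist).
IMAGE_MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}
# Extensions a PHP-enabled web server may execute (assumed list, extend per server config).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
# Heuristic: "<?php" or "<?=" anywhere in the body. Re-encoding the image and
# serving uploads from a directory with script execution disabled are the real fixes.
PHP_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)

def magic_only_check(data: bytes) -> bool:
    """The weak check: trusts the first bytes and nothing else."""
    return data.startswith(IMAGE_MAGIC["gif"])

def check_upload(filename: str, data: bytes) -> list[str]:
    """Return the reasons to reject an upload; an empty list means accept."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext not in IMAGE_MAGIC:
        reasons.append(f"extension '{ext}' not in allowlist")
    # Catches both avatar.php and double extensions such as avatar.php.gif.
    if any(p in SCRIPT_EXTS for p in parts[1:]):
        reasons.append("script extension in filename")
    kinds = [k for k, sigs in IMAGE_MAGIC.items() if data.startswith(sigs)]
    if not kinds:
        reasons.append("content is not a known image type")
    elif ext in IMAGE_MAGIC and ext not in kinds:
        reasons.append("extension does not match content")
    if PHP_TAG.search(data):
        reasons.append("PHP open tag inside file body")
    return reasons

# Constructed samples: a GIF signature followed by an inert PHP placeholder,
# and a minimal file with only GIF header fields and a trailer byte.
SAMPLE_SPOOFED = b"GIF89a;\n<?php /* placeholder body */ ?>"
SAMPLE_CLEAN = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"

if __name__ == "__main__":
    print("magic-only accepts spoofed file:", magic_only_check(SAMPLE_SPOOFED))
    for name, data in [("avatar.php", SAMPLE_SPOOFED), ("avatar.gif", SAMPLE_CLEAN)]:
        print(name, "->", check_upload(name, data) or "accepted")
```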
