Today in the OSCP Prep series, we'll take a look at SkyTower: 1 from VulnHub. This is an interesting machine that will require quite a bit of outside-the-box thinking at every step.
SkyTower 1 Walkthrough (OSCP Prep)
Tag : SQL injection
VulnOS 2 Walkthrough (OSCP Prep)
Continuing our series of write-ups for OSCP-like VulnHub boxes, today we'll tackle the VulnOS 2 virtual machine. VulnOS 2 is an Ubuntu box running SSH, HTTP, and, interestingly, an IRC daemon. To get root, we'll need to enumerate the webserver to find a classic SQL injection vulnerability. We'll then use the SQLi to capture credentials and log in over SSH. Finally on the system, some basic enumeration will lead us to a kernel exploit to pop a root shell.
Kioptrix Level 1.3 (Level 4) Walkthrough (OSCP Prep)
In this write-up, we will walk through rooting Kioptrix Level 1.3 - also known as Kioptrix Level 4. This was a fun box that proved to be a decent challenge as I was not familiar with the privilege escalation vector.