Owning Toppo Machine

This box is on the list of (old) OSCP-like machines, so I am going to try it.

Required Tasks:

1. To get root level access

2. To get the flag


You can download the machine from here.


Information Gathering:

Kali Linux Machine IP:

Target Machine IP:

Enumerating Services, Versions, Ports

nmap -sC -sV -p-  > nmap.log

Since we can see that an Apache web server is running, I presume there is a website, and we can try robots.txt.

No important information was found in the source code or robots.txt.

I ran gobuster

gobuster dir -u -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt > gobuster.log

Visit the website

We got the password: 12345ted123

I guessed the username: ted

We already have the IP address of the machine, and from the nmap result we know that the machine runs an SSH service.

ssh ted@ 
(enter the above password)


Privilege Escalation:

At this point, I checked the kernel version and it appeared to me to be vulnerable. What I thought to do was first enumerate whether it has any potential SUID binaries which could help me escalate privileges. If I couldn't find any, I would then try the kernel exploit.

Let’s find the binaries using the following command (referred link):

find / -perm -u=s -type f 2>/dev/null

I am interested in the python part, because I learned a simple piece of code to escalate to root from Google. (I apologize that I am not able to recall which link it was from.)

nano exploit.py 
import os 

python exploit.py

Yes, we got root privileges. Now let’s get the flag 🙂
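The find sweep used above, turned into a defender's audit that flags setuid script interpreters such as the python binary this write-up singles out. This is an added example, not part of the original post; the function names `audit_suid` and `count_flagged` and the list of interpreter names are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a tree for setuid files and flag script interpreters.
# audit_suid, count_flagged and the interpreter name list are assumptions
# of this example, not something taken from the write-up.
# Usage after sourcing this file: audit_suid /    (run as root for full coverage)

# Print one line per setuid file: "FLAG <owner> <path>" when the file name
# looks like a script interpreter or shell, "ok <owner> <path>" otherwise.
audit_suid() {
    root="${1:-/}"
    # -perm -4000 is the numeric form of -perm -u=s; -xdev stays on one filesystem
    find "$root" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r path; do
        name=$(basename "$path")
        owner=$(ls -ld "$path" | awk '{print $3}')
        case "$name" in
            python*|perl*|ruby*|php*|lua*|node|bash|sh|dash|zsh|ksh)
                # An interpreter runs arbitrary code with the file owner's
                # privileges, so it should never carry the setuid bit.
                echo "FLAG $owner $path" ;;
            *)
                echo "ok $owner $path" ;;
        esac
    done
}

# Number of flagged files; a non-zero count can fail a cron job or CI gate.
count_flagged() {
    audit_suid "$1" | grep -c '^FLAG' || true
}
```

A flagged entry is remediated by clearing the bit with `chmod u-s` on that path; entries marked ok still deserve a comparison against the distribution's expected setuid list.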


