Offensive Security offers free lab machines under their Proving Grounds library that I find super helpful to prepare for the OSCP. I will be walking you through my experience with an “easy” level machine called FunboxRookie.
START THE LAB :-
- 1. Open lab and take the ip
- 2. Scanning the ip using nmap in kali linux
- 3. You see the open ports and try to hack
- 4. We connect first ftp server using anonymous
- 5. We are connect ftp server and use ls command see the file in ftp server.
- 6. We are download all file in kali linux using mget *
- 7. I try to connect ssh and ftp but I not connect
- 8. We download all file but it is password protected. Now crack the password using hash
- 9. We need first hash so using zip2john all file we use code or manually, if u can use the so go chatgpt and ask.
- 10. Then I do manually I found pass of tom.zip
- 11. You get a file name as id-rsa and connect ssh
- 12. Then I connect ssh using command ssh user@<ip> -i id_rsa
- 13. We connected successfully to ssh then found first flag using ls -la see all file in current directry.
- 14. We see local.txt in this file have first flag.
- 15. We need root access.
- 16. We using tool from github url https://github.com/Almorabea/pkexec-exploit?source=post_page—–c0d1b232d6da——————————–
- 17. We try install python file direct but it need permission of sudo ,so send this file using python server.
- 18. Tool install in victim directry using wget .
- 19. Run python file and exploit permission of sudo
- 20. You can access all directry, find second flag in root folder and submit flag to slove the lab.