OSCP Journey Part 7

Day: -56
PDF: 90%
Videos: 95%
Boxes: 4
Networks:1

I’ve decided to change the way i count the days – going by how long until my lab runs out. I’ll go back at some stage and change the other posts to match this new format.

I’ve just completed the write up for a box after finally getting root. Wish I could go into more details here about this but I’ll not. Working on a github repo to formulate my Priv Esc techniques, once I’ve put some decent content on there I’ll share. Tbh I’m new to publishing anything on github so I’ll have to learn that process.

I had been feeling quite down about my progress and tbh quite alone about going through this. I woke up to a few comments on my previous post which jeered me on. Its kinda nice to feel as if people are following my progress as I had no idea if anyone was reading this. So ‘ave at it feel free to post a comment and push me on even if you post up how you found my site.

It maybe be useful to go over what I’ve learned of late. The /etc/passwd file superseeds the /etc/shadow file. So in essence if you can edit the /etc/passwd file you can add yourself as a user then su to become root. Then do su to become root. You can only do this if the /etc/passwd file is writeable. Eg add user test to passwd file.

echo test::0:0:test:/root:/bin/bash >> /etc/passwd 

Removing x means root requires no password anymore

rowbot

Share

4 Responses

Leave a Reply to Kieran McAuliffe Cancel reply

Your email address will not be published. Required fields are marked *

Post comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.