Gaara OffSec Walkthrough


Gaara OffSec Walkthrough: This is a write-up/walkthrough for the Gaara box found on ProvingGrounds (OffSec) and VulnHub.

Level: Easy

Steps to solve the machine:

1. Use nmap to enumerate the target.

nmap -sC -sV -A -T4 -Pn $ip


2. Try to open the web server in the browser since port 80 is open


3. Brute-force the SSH credentials using hydra, assuming the username is gaara.


Credentials: user: gaara; pass: iloveyou2

4. SSH into the machine using the obtained credentials and collect the first flag.

ssh gaara@$ip


Privilege Escalation

5. Look for the files that have the “set-user-ID” (setuid) permission bit set, which means the file will be executed with the permissions of the owner when run

find / -perm -u+s 2>/dev/null


6. Open GTFOBins and search for gdb to find the payload.

URL: https://gtfobins.github.io/gtfobins/gdb/#suid


Copy the payload


7. Execute the payload and we have root access!


8. Collect the final root flag and submit it.
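
The defender's side of step 5, as an added example that is not part of the original write-up: the same setuid search turned into an audit against an allowlist, so a setuid gdb like the one on this box is reported as unexpected. The function name suid_audit and the allowlist contents are assumptions; replace the baseline with the one for your distribution.

```sh
#!/bin/sh
# Added example (not from the original write-up).
# Audits setuid files under a directory against an allowlist of basenames.

# Assumed baseline: programs that commonly ship setuid on a Debian-like host.
SUID_ALLOWLIST="passwd su sudo mount umount chsh chfn newgrp gpasswd"

# suid_audit ROOT
# Prints one line per setuid regular file found under ROOT:
#   OK <path>          basename is in SUID_ALLOWLIST
#   UNEXPECTED <path>  basename is not in the allowlist and needs review
# Exit status is 1 if any UNEXPECTED file was found, 0 otherwise.
# Usage on a live host: suid_audit /
suid_audit() {
    # -perm -4000 is the octal form of the write-up's "-perm -u+s".
    # -xdev keeps the search on one filesystem (skips /proc, network mounts).
    # Paths containing newlines are not handled by this line-based loop.
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort | (
        status=0
        while IFS= read -r path; do
            name=${path##*/}
            case " $SUID_ALLOWLIST " in
                *" $name "*) printf 'OK %s\n' "$path" ;;
                *)           printf 'UNEXPECTED %s\n' "$path"; status=1 ;;
            esac
        done
        exit "$status"
    )
}
```

For a binary reported as UNEXPECTED that has no need to run as its owner, `chmod u-s <path>` clears the bit.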


Thank you for reading:)

See you again in the next machine…
