OSCP | CTF | HTB | LEARNER

Who am I?

20 y/o from Nepal. No prior experience on anything security related even bug bounty unlike most Nepali youngsters. I took OSCP exam on Dec 2nd & passed it on first attempt with 100 points.

Why and How it all started?

Got bored during covid restriction/lockdown. Stumbled upon Professor Messer’s Comptia network+ videos on YouTube while browsing…

Exploitation Guide for Ophiuchi

Summary:

In this box, we will be exploiting yaml parsing (deserialization) vulnerability to get RCE . Then exploit the misconfigured sudo privilege to gain the root shell.

Enumeration

┌──(root💀kali)-[/home/…/ctf/htb/ophiuchi/scans]
└─# nmap -sS -sV -T4 -p- -A 10.10.10.227 -oN nmap_full_syn.txt
Starting Nmap 7.91 ( <https://nmap.org> ) at 2021-06-04 22:09 EDT
Stats: 0:11:21 elapsed; 0…

Imtodess

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store