Proving Grounds Box - PC

In this writeup I am going to present a walkthrough for a Proving Grounds box called PC.

It has been rated intermediate by the community, but I think it should be classified as easy because the initial foothold is not needed and it's all about privilege escalation.

  • I begin by running a port scan using rustscan

rustscan -a <host>

  • We get 2 open ports: 8000 and 22
  • 8000 -> Web server (HTTP)
  • 22 -> SSH
  • We go to the website hosted on port 8000 and see that it already has a TTY web shell, so we can interact directly with the system

  • Upon further enumeration I come across a weird Python file named RPC, which is a remote procedure call service

  • Analysing the code suggests that the RPC service is running on a local port

  • A quick search for existing exploits shows a vulnerability that can be used to escalate privileges to root

Exploit used : https://github.com/ehtec/rpcpy-exploit/blob/main/rpcpy-exploit.py

I made the exploit Python file, and the following set of commands will give us root.

chmod +x exploit.py
python3 exploit.py
# We can now use GTFOBins to get a payload
# This example creates a local SUID copy of the binary
# and runs it to maintain elevated privileges.
# To interact with an existing SUID binary.
bash -p

With this we successfully get root privileges and hence the box is pwned.
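
Seen from the defender's side, the final step depends on a setuid shell existing on disk. The following is an added example, not part of the original writeup or the linked exploit: a POSIX shell function that lists setuid/setgid files under a directory that are byte-identical to a shell installed on the host, so renamed copies are caught too. The function name `find_suid_shells` and the candidate shell paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag setuid/setgid files that are byte-identical to an
# installed shell. Comparing content (cmp) instead of file names means a
# copy such as /tmp/x made from /bin/bash is still reported.
# Names and the candidate list below are assumptions for this example.
# Usage: find_suid_shells /    (or any directory to audit)

SHELL_CANDIDATES="/bin/sh /bin/bash /bin/dash /bin/zsh /bin/ksh /usr/bin/sh /usr/bin/bash /usr/bin/dash /usr/bin/zsh"

find_suid_shells() {
    root="${1:-/}"
    # -xdev keeps the scan on one filesystem.
    # -perm -4000 = setuid bit set, -perm -2000 = setgid bit set.
    # Paths containing newlines are not handled by this line-based loop.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        for sh_bin in $SHELL_CANDIDATES; do
            # Skip shells that are not installed on this host.
            [ -f "$sh_bin" ] || continue
            if cmp -s "$f" "$sh_bin"; then
                printf '%s matches %s\n' "$f" "$sh_bin"
                break
            fi
        done
    done
}
```

Any line of output deserves investigation, since shells are not normally installed setuid; clearing the bit with `chmod u-s,g-s` on the reported file removes the `bash -p` path shown above.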

This is my first box writeup and I hope I have done a decent job at it; I have tried to keep it as simple and short as possible.

Thank you!

This post is licensed under CC BY 4.0 by the author.