Posted on Tuesday, 20th November 2018 by Michael

Today we take a look at Mercy, found on VulnHub, by the author Donavan. This is an OSCP-style boot-to-root that really requires you to enumerate and pay attention. You will work through several steps before you can obtain the root flag and claim victory over Mercy. However, if you do not enumerate well enough, you may find yourself pleading for mercy.

Reference Material and Swag:

Web Application Hacker Handbook: https://amzn.to/2DOotEJ
Red Team: How to succeed by thinking like the enemy: https://amzn.to/2DxB9yY
Red Team Field Manual (ON SALE): https://amzn.to/2KkxQwC -- must have for any tester
Kali Hoodie (Great holiday present): https://amzn.to/2DzxuAB

Links to tools in this walkthrough:

Spawning a TTY: https://netsec.ws/?p=337
Creating a WAR file: https://netsec.ws/?p=331
RIPS Static Source Code Reviewer Vulnerability: https://www.exploit-db.com/exploits/18660/
Process Spy (PSPY): https://github.com/DominicBreuker/pspy/blob/master/README.md
Port Knocker: https://github.com/grongor/knock
Decodify: https://github.com/s0md3v/Decodify

Social Media Contact:

Twitter: https://twitter.com/genxweb
LinkedIn: https://www.linkedin.com/in/michael-lasalvia-7743732/
YouTube: https://www.youtube.com/user/genxweb

Posted in OSCP