There’s an obvious pattern to hacking boxes I’m seeing on Proving Grounds and OffSec lab systems:
1. Scan for open ports, services. Find them. If TCP/80-443 is open, try an LFE – Local File Include, upload it, execute it and have it call back to your nc -nvlp 4444.
2. Do a vulnerability scan and detect the vulnerable services by CVE or EDB-ID number.
3. Go to Exploit-DB.com (https://www.exploit-db.com/) and find the exploit.
4. Download, edit the script (If necessary) compile it and get initial shell access.
5. Do a privilege escalation with like linpeas or winpeas.
6. Find the flag.txt and proof.txt to get credit for the box.
I still get hung up on nonsense like how when I try to compile exploits, I get a ton of error messages.
Bogus.