Welcome to our walkthrough of Crane, a PG Practice machine: portal.offsec.com/labs/practice
Plantplants, our Student Mentor, started off by discussing the importance of a VPN connection and how to set it up using Ctrl+Z and the bg command to manage terminal processes in the background.
For Enumeration and Initial Access, he:
🟪 Emphasized starting with an nmap scan and checking for open ports and services.
🟪 Suggested looking for robots.txt files and other indicators on the website for potential vulnerabilities.
🟪 Demonstrated logging in using common default credentials and further enumeration using HTTP responses.
During Exploitation and Gaining Access, he:
🟪 Discussed finding and utilizing public exploits for identified software versions.
🟪 Showed how to troubleshoot and adapt exploitation scripts for successful execution.
🟪 Provided tips on managing terminal sessions and stabilizing shell access.
Concluding with Post-Exploitation and Privilege Escalation, he:
🟪 Advocated for manual inspection before running automated enumeration scripts.
🟪 Checked for weak or default credentials and sudo permissions.
🟪 Encouraged methodical exploration and understanding of the system to effectively elevate privileges and maintain access.
Join OffSec Live on Fridays: / offsecofficial
We do demonstrations and walkthroughs of course topics and Proving Grounds machines. Additionally, sessions offer career guidance, including how to build a resume, how to break into #cybersecurity, and interview tips.