Latest Write-ups

Proving Grounds - Cockpit

Box Overview

Cockpit is a Linux machine from Offensive Security’s Proving Grounds that demonstrates web enumeration, SSH key injection via a web management interface, and sudo privilege escalation through tar wildcard exploitation.

Enumeration

Nmap Scan

sudo nmap -sS -sC -A 192.168.227.10 -T4 -oN first.scan -p-

Open Ports:

22/tcp - SSH (OpenSSH 8.2p1 Ubuntu)
80/tcp - HTTP (Apache 2.4.41)
9090/tcp - SSL/zeus-admin (Web management interface)

Web Enumeration

Port 80 - Apache

Initial inspection revealed a static template website with no obvious vulnerabilities.
