OSCP Prep Box 50 – Ochima- Proving Grounds Pracitce

Posted on

Hi everyone

Today we are going to look for a Box called Ochima which is rated as Intermediate in terms of difficulty. This machine has various phases: Recon, Enumeration, Exploitation and Privilege Escalation.

Box Type: Linux

Recon & Enumeration

Enumeration plays a very significant role in pen testing. The more properly you enumerate the more it will be easy to get a foothold on the target.

First, we will check whether target is reachable or not with ping command:

ping Target_IP

With ping command output we found that the target is reachable.

Now let’s move ahead and run the port scan for which we will be using Nmap a popular tool for port scanning and it will provide details of the various ports which are in Open state. The command for that will be:

nmap -sC -sV -O -oA nmap/initial 192.168.241.32

nmap -sC -sV -O -p- -oA nmap/full 192.168.241.32 -T4

Now let’s also execute the UDP Scan:

nmap -sU -O -oA nmap/udp 192.168.241.32 -T4

I discovered these ports are open:

  • 22/tcp – SSH Service running OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)
  • 80/tcp – HTTP Service running Apache httpd 2.4.52 ((Ubuntu))
  • 8338/tcp – MySQL Service running Python http.server 3.5 – 3.10
  • OS: Linux

Let’s move ahead and check the IP in the web browser and I found page:

I tried default creds as well as ran Gobuster but no luck:

Exploitation

I went ahead and checked for exploits related to Maltrail and found one for version 0.52 but it din’t worked so downloaded the below one which is 0.53 Unauthenticated RCE:

https://github.com/spookier/Maltrail-v0.53-Exploit/tree/main?source=post_page—–ef58187e4cd4—————————————

I was able to grab the local.txt:

Privilege Escalation

Now it was a time for escalating the privileges.

I tried transferring linpeas, but had no luck, so I reverted the machine multiple times.

I checked for files and found a script in the backups directory with writable permissions. I overwrote the script and was able to gain root access:

The above image shows the proof.txt file.

Key Takeaways

  • Enumerate all services — uncommon ports may expose vulnerable applications.
  • Check software versions — outdated services may have public exploits.
  • Exploit web application flaws — vulnerable apps can lead to RCE.
  • Upgrade your shell — improve stability and interaction.
  • Review file permissions — writable files may enable privilege escalation.
  • Abuse system misconfigurations — weak permissions can lead to root access.

If you enjoyed this post, share it with your friends and colleagues!

Leave a Reply

Your email address will not be published. Required fields are marked *