Hi everyone
Today we are going to look for a Box called Extplorer which is rated as intermediate in terms of difficulty. This machine has various phases: Recon, Enumeration, Exploitation and Privilege Escalation.
Box Type: Linux
Recon & Enumeration
Enumeration plays a very significant role in pen testing. The more properly you enumerate the more it will be easy to get a foothold on the target.
First, we will check whether target is reachable or not with ping command:
ping Target_IP
With ping command output we found that the target is reachable.
Now let’s move ahead and run the port scan for which we will be using Nmap a popular tool for port scanning and it will provide details of the various ports which are in Open state. The command for that will be:
nmap -sC -sV -O -oA nmap/initial 192.168.38.16
nmap -sC -sV -O -p- -oA nmap/full 192.168.38.16 -T4
I discovered these ports are open:
- 22/tcp – SSH Service running OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
- 80/tcp – HTTP Service running Apache httpd 2.4.41 ((Ubuntu))
- OS: Linux
Then I went ahead and checked the IP in the web browser and I found nothing and then I ran gobuster:
Exploitation
I found the local.txt flag
Privilege Escalation
Now it was a time for escalating the privileges.
The above image shows the proof.txt file.
Key Takeaways
- Enumerate all services first — hidden web panels or ports may expose entry points.
- Identify vulnerable web applications — outdated file managers can lead to RCE.
- Abuse file upload features — webshell uploads can provide initial access.
- Stabilize your shell quickly — improves control during enumeration.
- Check writable scripts or services — often lead to privilege escalation.
- Focus on what runs as root — modifying it can grant full system access.
If you enjoyed this post, share it with your friends and colleagues!