OSCP Prep Box 55 – Jordak – Proving Grounds Practice

Posted on

Hi everyone

Today we are going to look for a Box called Law which is rated as intermediate in terms of difficulty. This machine has various phases: Recon, Enumeration, Exploitation and Privilege Escalation.

Box Type: Linux

Recon & Enumeration

Enumeration plays a very significant role in pen testing. The more properly you enumerate the more it will be easy to get a foothold on the target.

First, we will check whether target is reachable or not with ping command:

ping Target_IP

With ping command output we found that the target is reachable.

Now let’s move ahead and run the port scan for which we will be using Nmap a popular tool for port scanning and it will provide details of the various ports which are in Open state. The command for that will be:

nmap -sC -sV -O -oA nmap/initial 192.168.205.109

nmap -sC -sV -O -p- -oA nmap/full 192.168.205.109 -T4

I discovered these ports are open:

  • 22/tcp – SSH Service running OpenSSH 9.6p1
  • 80/tcp – HTTP Service running Apache httpd 2.4.58 ((Ubuntu))
  • OS: Linux

Note: The target IP may appear different in the screenshots because the machine was reverted multiple times during testing.

Exploitation

I found the exploit for the same and used it in order to get the initial foothold:

Exploit Link

I found the local.txt flag

Privilege Escalation

Now it was a time for escalating the privileges.

GTfOBins

The above image shows the proof.txt file.

Key Takeaways

  • Full port & service enumeration first — identifying the exposed services helps narrow down potential entry points quickly.
  • Web application enumeration is critical — vulnerable applications like Jorani can provide a straightforward path to initial access.
  • Public exploits become powerful when paired with proper version identification — knowing the exact software version can make exploitation trivial.
  • Always stabilize your shell after gaining access — upgrading to a proper TTY makes further enumeration and exploitation much smoother.
  • Never skip basic privilege checks — commands like sudo -l can instantly reveal privilege escalation opportunities.
  • Misconfigured sudo permissions can lead directly to root — leveraging allowed binaries with GTFOBins can escalate privileges quickly.

If you enjoyed this post, share it with your friends and colleagues!

Leave a Reply

Your email address will not be published. Required fields are marked *