In this walk through, we will be going through the Image room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of ImageMagick Identifier using CVE-2016-5118 to get the initial foothold. For privilege escalation, strace SUID binary have to be abused via GTFObins to get root on […]
In this walk through, we will be going through the Hutch room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of extensive LDAP Enumeration to get the foothold on the target. Once foothold is established, privilege escalation have to done via the LAPS abuse. So, let’s get started
In this walk through, we will be going through the Hub room from Proving Grounds. This room is rated as Easy on the platform and it consists of exploitation of FuguHub CMS using CVE-2023-24078 which eventually gives us root on the target. So, let’s get started without any delay. Machine Info: Title Hub IPaddress 192.168.171.25
In this walk through, we will be going through the Helpdesk room from Proving Grounds. This room is rated as Easy on the platform and it consist of exploitation of exploitation of CVE-2014-5301 in ManageEngine ServiceDesk to get root on the target. So, let’s get started without any delay. Machine Info: Title Helpdesk IPaddress 192.168.163.43
In this walk through, we will be going through the Heist room from Proving Grounds. This room is rated as Hard on the platform and it consists of capturing user NTLM hashes due to use of insecure web browser application. Moving laterally with gMSA password extraction and finally getting Admin by abusing SeRestorePrivilege. So, let’s
In this walk through, we will be going through the Exfiltrated room from Proving Grounds. This room is rated as Easy on the platform and it consist of exploitation of CVE-2022-35914 in order to get the initial foothold. With the DB creds in config files, we have to perform lateral movement and at last, privilege
In this walk through, we will be going through the Extplorer room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation with general misconfiguration like default credentials which grants initial access. Enumerating common web server files again reveals some store creds that can then be leveraged to
In this walk through, we will be going through the Exfiltrated room from Proving Grounds. This room is rated as Easy on the platform and it consist of exploitation of a RCE in Subrion Panel to get the initial shell. For the Privilege escalation, it requires exploitation of CVE-2021-2204 in exiftool binary to get root.
In this walk through, we will be going through the Election1 room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of two CVE’s – one for initial access and other for privilege escalation. So, let’s get started without any delay. Machine Info: Title Election1 IPaddress 192.168.159.211
In this walk through, we will be going through the Educated room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of exploitation via RCE in Free School Management software to get initial access. Next, we performed lateral movement to a user using DB Creds and local database enumeration
