August 2024

PG - Stapler

PG – Stapler

In this walk through, we will be going through the Stapler room from Proving Grounds. This room is rated as Intermediate on the platform that has two or more routes of exploitation. One is a direct vulnerability exploitation on a vulnerable Samba server and other is through LFI on a wordpress installation via a vulnerable […]

PG – Stapler Read More »

PG - Squid

PG – Squid

In this walk through, we will be going through the Squid room from Proving Grounds. This room is rated as Easy on the platform and it consist of enumeration of Squid Proxy in order to get the initial foothold on the target. For the privilege escalation, Fullpowerexploit is used in conjunction of the SeImpersonatePrivilege abuse

PG – Squid Read More »

PG - RubyDome

PG – RubyDome

In this walk through, we will be going through the RubyDome room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of Ruby application via CVE-2022-25765 for the initial foothold. For Privilege Escalation, abuse of sudo misconfiguration on custom binary is required to get root. So, let’s

PG – RubyDome Read More »

PG - Resourced

PG – Resourced

In this walk through, we will be going through the Resourced room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of extensive LDAP enumeration to find out low hanging fruit for initial compromise. Post that, we have to abuse the Resource-Based Constrained Delegation privilege to get Domain Admin.

PG – Resourced Read More »

PG - pyLoader

PG – pyLoader

In this walk through, we will be going through the pyLoader room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of pyLoad via CVE-2023-0297 to get root on the target. So, let’s get started without any delay. Machine Info: Title pyLoader IPaddress 192.168.169.29 Difficulty Intermediate OS

PG – pyLoader Read More »

PG - Press

PG – Press

In this walk through, we will be going through the Press room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of exploitation of FlatPress CMS using File Upload attacks to get the initial foothold. For the privilege escalation, exploitation of the sudo misconfiguration for the apt-get binary is

PG – Press Read More »

Scroll to Top