In this walk through, we will be going through the Educated room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of exploitation via RCE in Free School Management software to get initial access. Next, we performed lateral movement to a user using DB Creds and local database enumeration […]
In this walk through, we will be going through the DriftingBlues6 room from Proving Grounds. This room is rated as Easy on the platform and it consists of basic enumeration of the Textpattern CMS resulting in later getting a RCE on the target. For the privilege escalation part, it require use of a popular Linux
In this walk through, we will be going through the DC-9 room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of exploitation via SQL injection to get access to internal application dashboard which is again vulnerable to LFI. The LFI can then be used to knock ON the
In this walk through, we will be going through the Crane room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of CVE-2022-23940 to get the initial shell and service binary sudo exploitation to get root on the target. So, let’s get started without any delay. Machine
In this walk through, we will be going through the Craft2 room from Proving Grounds. This room is rated as Hard on the platform and it consist of use of malicious ODT files to captured NTLM hash in order to get initial shell access on the target. For the privilege escalation, it requires tunneling to
In this walk through, we will be going through the Codo room from Proving Grounds. This room is rated as Easy on the platform and it consists of exploitation via Codoforum RCE exploit to get the initial foothold and dumping of DB password stored in config file to get root. So, let’s get started without
In this walk through, we will be going through the Cockpit room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of SQL Injection authentication bypass in order to get initial access on to the server. For privilege escalation, we have sudo misconfiguration for tar binary where wildcard injection
In this walk through, we will be going through the Clue room from Proving Grounds. This room is rated as Hard on the platform and it consists of chaining of two service related exploits in order to get the initial foothold. For the privilege escalation part, it require exploitation of sudo misconfiguration on cassandra-web binary.
In this walk through, we will be going through the Boolean room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of exploitation bypassing of account confirmation implementations in user account creation along with the chaining of directory traversal and file upload vulnerability to get initial access. For the
In this walk through, we will be going through the Blogger room from Proving Grounds. This room is rated as Easy on the platform and it consists of WordPress Plugins Enumeration and exploitation to get initial access and for the privilege escalation, some password guessing and misconfigured sudo permissions exploitation is required to get root
