PG - Heist

PG – Heist

In this walk through, we will be going through the Heist room from Proving Grounds. This room is rated as Hard on the platform and it consists of capturing user NTLM hashes due to use of insecure web browser application. Moving laterally with gMSA password extraction and finally getting Admin by abusing SeRestorePrivilege. So, let’s […]

PG – Heist Read More »

PG - GLPI

PG – GLPI

In this walk through, we will be going through the Exfiltrated room from Proving Grounds. This room is rated as Easy on the platform and it consist of exploitation of CVE-2022-35914 in order to get the initial foothold. With the DB creds in config files, we have to perform lateral movement and at last, privilege

PG – GLPI Read More »

PG - Extplorer

PG – Extplorer

In this walk through, we will be going through the Extplorer room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation with general misconfiguration like default credentials which grants initial access. Enumerating common web server files again reveals some store creds that can then be leveraged to

PG – Extplorer Read More »

PG - Exfiltrated

PG – Exfiltrated

In this walk through, we will be going through the Exfiltrated room from Proving Grounds. This room is rated as Easy on the platform and it consist of exploitation of a RCE in Subrion Panel to get the initial shell. For the Privilege escalation, it requires exploitation of CVE-2021-2204 in exiftool binary to get root.

PG – Exfiltrated Read More »

PG - Election1

PG – Election1

In this walk through, we will be going through the Election1 room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of two CVE’s – one for initial access and other for privilege escalation. So, let’s get started without any delay. Machine Info: Title Election1 IPaddress 192.168.159.211

PG – Election1 Read More »

PG - Educated

PG – Educated

In this walk through, we will be going through the Educated room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of exploitation via RCE in Free School Management software to get initial access. Next, we performed lateral movement to a user using DB Creds and local database enumeration

PG – Educated Read More »

PG - DC-9

PG – DC-9

In this walk through, we will be going through the DC-9 room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of exploitation via SQL injection to get access to internal application dashboard which is again vulnerable to LFI. The LFI can then be used to knock ON the

PG – DC-9 Read More »

PG - Crane

PG – Crane

In this walk through, we will be going through the Crane room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of CVE-2022-23940 to get the initial shell and service binary sudo exploitation to get root on the target. So, let’s get started without any delay. Machine

PG – Crane Read More »

PG - Craft2

PG – Craft2

In this walk through, we will be going through the Craft2 room from Proving Grounds. This room is rated as Hard on the platform and it consist of use of malicious ODT files to captured NTLM hash in order to get initial shell access on the target. For the privilege escalation, it requires tunneling to

PG – Craft2 Read More »

Scroll to Top