CTF

PG - Marshalled


In this walkthrough, we will be going through the Marshalled room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of a Blind RCE through YAML Deserialization in the Ruby on Rails framework for the initial access and a buffer overflow in the cname binary for the Privilege […]


PG - Law


In this walkthrough, we will be going through the Law room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of CVE-2022-35914 in htmLawed 1.2.5 to get the initial access. For privilege escalation, abuse of a cron job via a bash script file is required to


PG - Kevin


In this walkthrough, we will be going through the Kevin room from Proving Grounds. This room is rated as Easy on the platform and it consists of exploitation of CVE-2009-2685, which is a stack-based buffer overflow vulnerability that leads to RCE on the system. So, let’s get started without any delay. Machine Info:


PG - Jacko


In this walkthrough, we will be going through the Jacko room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of a running H2 Database instance via JNI Code Execution. For privilege escalation, we have two routes: either exploit a particular version of PaperStream IP or use Potato Exploits


PG - Internal


In this walkthrough, we will be going through the Internal room from Proving Grounds. This room is rated as Easy on the platform and it consists of exploitation of the MS17-010 (EternalBlue) vulnerability to get root on the system. So, let’s get started without any delay. Machine Info: Title Internal IP address 192.168.166.40 Difficulty Easy


PG - Image


In this walkthrough, we will be going through the Image room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of ImageMagick Identifier using CVE-2016-5118 to get the initial foothold. For privilege escalation, the strace SUID binary has to be abused via GTFOBins to get root on


PG - Hutch


In this walkthrough, we will be going through the Hutch room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of extensive LDAP Enumeration to get the foothold on the target. Once the foothold is established, privilege escalation has to be done via LAPS abuse. So, let’s get started


PG - Hub


In this walkthrough, we will be going through the Hub room from Proving Grounds. This room is rated as Easy on the platform and it consists of exploitation of FuguHub CMS using CVE-2023-24078, which eventually gives us root on the target. So, let’s get started without any delay. Machine Info: Title Hub IP address 192.168.171.25


PG - Helpdesk


In this walkthrough, we will be going through the Helpdesk room from Proving Grounds. This room is rated as Easy on the platform and it consists of exploitation of CVE-2014-5301 in ManageEngine ServiceDesk to get root on the target. So, let’s get started without any delay. Machine Info: Title Helpdesk IP address 192.168.163.43

