Proving Grounds

PG - Zipper

PG – Zipper

In this walk through, we will be going through the Zipper room from Proving Grounds. This room is rated as Hard on the platform that consists of LFI exploitation via PHP Phar filters in order to get the initial foothold on the target. For the privilege escalation, abuse of a cron job running the 7z […]

PG – Zipper Read More »

PG - Twiggy

PG – Twiggy

In this walk through, we will be going through the Twiggy room from Proving Grounds. This room is rated as Easy on the platform and it consist of exploitation of CVE-2020-11652 and CVE-2020-11651 in Salt API 3000 in order to get root. So, let’s get started without any delay. Machine Info: Title Twiggy IPaddress 192.168.177.62

PG – Twiggy Read More »

PG - Stapler

PG – Stapler

In this walk through, we will be going through the Stapler room from Proving Grounds. This room is rated as Intermediate on the platform that has two or more routes of exploitation. One is a direct vulnerability exploitation on a vulnerable Samba server and other is through LFI on a wordpress installation via a vulnerable

PG – Stapler Read More »

PG - Squid

PG – Squid

In this walk through, we will be going through the Squid room from Proving Grounds. This room is rated as Easy on the platform and it consist of enumeration of Squid Proxy in order to get the initial foothold on the target. For the privilege escalation, Fullpowerexploit is used in conjunction of the SeImpersonatePrivilege abuse

PG – Squid Read More »

PG - RubyDome

PG – RubyDome

In this walk through, we will be going through the RubyDome room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of Ruby application via CVE-2022-25765 for the initial foothold. For Privilege Escalation, abuse of sudo misconfiguration on custom binary is required to get root. So, let’s

PG – RubyDome Read More »

PG - Resourced

PG – Resourced

In this walk through, we will be going through the Resourced room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of extensive LDAP enumeration to find out low hanging fruit for initial compromise. Post that, we have to abuse the Resource-Based Constrained Delegation privilege to get Domain Admin.

PG – Resourced Read More »

PG - pyLoader

PG – pyLoader

In this walk through, we will be going through the pyLoader room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of pyLoad via CVE-2023-0297 to get root on the target. So, let’s get started without any delay. Machine Info: Title pyLoader IPaddress 192.168.169.29 Difficulty Intermediate OS

PG – pyLoader Read More »

PG - Press

PG – Press

In this walk through, we will be going through the Press room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of exploitation of FlatPress CMS using File Upload attacks to get the initial foothold. For the privilege escalation, exploitation of the sudo misconfiguration for the apt-get binary is

PG – Press Read More »

PG - Plum

PG – Plum

In this walk through, we will be going through the Plum room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of PluXml via CVE-2022-25018 to get initial foothold. For Privilege escalation, root password stored in SMTP related files have to be exposed to get root on

PG – Plum Read More »

PG - Pelican

PG – Pelican

In this walk through, we will be going through the Pelican room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of exploitation of Exhibitor for Zookeeper using CVE-2019-5029 to get the initial access. For the privilege escalation, abuse of the gcore binary sudo misconfiguration is required to get

PG – Pelican Read More »

Scroll to Top