OSCP Prep

Vulnlab - Sync

Vulnlab – Sync

In this walk through, we will be going through the Sync room from Vulnlab. This room is rated as Easy on the platform and it consist of abuse of rsync service to download site.db database which reveals hash of user triss that have to be made compatible for cracking for hashcat. Cracking it reveals the […]

Vulnlab – Sync Read More »

Vulnab - Media

Vulnab – Media

In this walk through, we will be going through the Media room from Vulnlab. This room is rated as Medium on the platform and it consist of abusing of file upload functionality by creating documents to capture user NTLM hash, cracking it will give us initial access to the target. For Privilege Escalation, abuse of

Vulnab – Media Read More »

Vulnlab - Feedback

Vulnlab – Feedback

In this walk through, we will be going through the Feedback room from Vulnlab. This room is rated as Easy on the platform and it consist of exploitation of Log4shell vulnerability to get initial access on the target. For privilege escalation, used the admin password found in tomcat-users.xml file to get root. So, let’s get

Vulnlab – Feedback Read More »

Vulnlab - Data

Vulnlab – Data

In this walk through, we will be going through the Data room from Vulnlab. This room is rated as Easy on the platform and it consist of dumping of grafana DB using CVE-2021-43798 which reveals the hash password of user boris that have to crack using hashcat to get initial access on the target. For

Vulnlab – Data Read More »

Vulnlab - Breach

Vulnlab – Breach

In this walk through, we will be going through the Breach room from Vulnlab. This room is rated as Medium on the platform and it consist of capturing of a user NTLM hash by creating documents that a domain user will likely open in a SMB share. Using the captured credentials, performed Kerberoasting to get

Vulnlab – Breach Read More »

Vulnlab - Baby 2

Vulnlab – Baby 2

In this walk through, we will be going through the Baby 2 room from Vulnlab. This room is rated as Medium on the platform and it consist of exploitation via a powershell script in a SMB share to get initial access on the target. For Privilege Escalation, First Degree Group Membership abuse is required to

Vulnlab – Baby 2 Read More »

Vulnlab - Baby

Vulnlab – Baby

In this walk through, we will be going through the Baby room from Vulnlab. This room is rated as Easy on the platform and it consist of extensive LDAP Enumeration to get potential password. Spraying of it reveals STATUS_PASSWORD_MUST_CHANGE error which have to be abused to get initial foothold. For Privilege Escalation, abuse of SeBackupPrivilege

Vulnlab – Baby Read More »

PG - Zipper

PG – Zipper

In this walk through, we will be going through the Zipper room from Proving Grounds. This room is rated as Hard on the platform that consists of LFI exploitation via PHP Phar filters in order to get the initial foothold on the target. For the privilege escalation, abuse of a cron job running the 7z

PG – Zipper Read More »

PG - Twiggy

PG – Twiggy

In this walk through, we will be going through the Twiggy room from Proving Grounds. This room is rated as Easy on the platform and it consist of exploitation of CVE-2020-11652 and CVE-2020-11651 in Salt API 3000 in order to get root. So, let’s get started without any delay. Machine Info: Title Twiggy IPaddress 192.168.177.62

PG – Twiggy Read More »

Scroll to Top