In this walk through, we will be going through the Heist room from Proving Grounds. This room is rated as Hard on the platform and it consists of capturing user NTLM hashes due to use of insecure web browser application. Moving laterally with gMSA password extraction and finally getting Admin by abusing SeRestorePrivilege. So, let’s […]
In this walk through, we will be going through the Exfiltrated room from Proving Grounds. This room is rated as Easy on the platform and it consist of exploitation of CVE-2022-35914 in order to get the initial foothold. With the DB creds in config files, we have to perform lateral movement and at last, privilege
In this walk through, we will be going through the Extplorer room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation with general misconfiguration like default credentials which grants initial access. Enumerating common web server files again reveals some store creds that can then be leveraged to
In this walk through, we will be going through the Exfiltrated room from Proving Grounds. This room is rated as Easy on the platform and it consist of exploitation of a RCE in Subrion Panel to get the initial shell. For the Privilege escalation, it requires exploitation of CVE-2021-2204 in exiftool binary to get root.
In this walk through, we will be going through the Election1 room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of two CVE’s – one for initial access and other for privilege escalation. So, let’s get started without any delay. Machine Info: Title Election1 IPaddress 192.168.159.211
In this walk through, we will be going through the Educated room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of exploitation via RCE in Free School Management software to get initial access. Next, we performed lateral movement to a user using DB Creds and local database enumeration
In this walk through, we will be going through the DriftingBlues6 room from Proving Grounds. This room is rated as Easy on the platform and it consists of basic enumeration of the Textpattern CMS resulting in later getting a RCE on the target. For the privilege escalation part, it require use of a popular Linux
In this walk through, we will be going through the DC-9 room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of exploitation via SQL injection to get access to internal application dashboard which is again vulnerable to LFI. The LFI can then be used to knock ON the
In this walk through, we will be going through the Crane room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of CVE-2022-23940 to get the initial shell and service binary sudo exploitation to get root on the target. So, let’s get started without any delay. Machine
In this walk through, we will be going through the Craft2 room from Proving Grounds. This room is rated as Hard on the platform and it consist of use of malicious ODT files to captured NTLM hash in order to get initial shell access on the target. For the privilege escalation, it requires tunneling to
