Security

This is a walkthrough of OffSec Proving Grounds machine "BlackGate". It is rated as hard but there are several ways to take advantage of this machine (likely not intended by Offsec). We start by exploiting Redis and privesc using misconfigured SUID setting BUT there are some things you will need…

This is a walkthrough of the OffSec machine called Press. In this video we take advantage of a Flatpress blog and then we privesc using a misconfigured SUID binary. ***SPOILER***Walkthrough of the machine called "Press" in the Offsec Proving Grounds...don't watch unless you want help getting through the machine. https://youtu.be/4iG_qOSldok

This is a walkthrough of the machine called "Codo" in the OffSec Proving Grounds...don't watch unless you want help getting through the machine. This time we take advantage of CodoForum software and bad password practices! Hope this helps someone and enjoy! https://youtu.be/U7H3bMPiS-I

Walkthrough of the machine called "Compromised" in the OffSec Proving Grounds...don't watch unless you want help getting through the machine. We take advantage of SMB, then use PowerShell to exploit this machine. ⚠️The privesc portion is very tough (at least for me it was) and I provide some breakdowns of…

Walkthrough of the machine called "PC" in the OffSec Proving Grounds...don't watch unless you want help getting through the machine. I had some issues with exploits working but eventually found a winner. The first one will likely work if you clean it up as will the second one if you…

⚡This is a walkthrough of OffSec Proving Grounds machine called "LaVita" In this walkthrough we exploit the Laravel PHP Framework using a python exploit, utilize pspy64 to view processes running as other users, and perform shell injection into running processes to get access to another account. Finally, we utilize GTFObins…