Offsec Proving Grounds Walkthrough – Vault

Posted inEthical Hacking, Hacking, Linux, Networking, Offsec, Security, Tutorial, Uncategorized, Walkthrough
Walkthrough of the machine called "Vault" in the OffSec Proving Grounds...This is a Windows machine rated as hard, don't watch unless you want help getting through the machine. In this machine we use phishing type links on an open SMB share to catch hashes using responder for initial access, after…

Offsec Proving Grounds Walkthrough – Interface

Posted inEthical Hacking, Hacking, Linux, Networking, Node.js, Offsec, Python, Security, Tutorial, Walkthrough
This was a good one! This is a walkthrough of OffSec Proving Grounds machine "Interface". I haven't seen any walkthroughs of this machine out there. In this video we use hydra to brute force a node.js web application after using the browser's developer tools to discover API endpoints (user list).…

Offsec Proving Grounds Walkthrough – Filebrowser

Posted inEthical Hacking, Hacking, Linux, Offsec, Security, Tutorial, Walkthrough
Walkthrough of the machine called "Filebrowser" in the OffSec Proving Grounds...don't watch unless you want help getting through the machine. In this video we take advantage of weak credentials for an online file browsing application, take advantage of SSH keys, then escalate using incorrectly set SUID on a binary. https://youtu.be/DHX2XFdpG5g

“oscp.exe” OVERFLOW1 – Simple Buffer Overflow Exploit Code

Posted inCoding, Ethical Hacking, Hacking, Linux, msfvenom, Networking, Offsec, Python, Security, Tutorial
First buffer overflow exploit done. "oscp.exe" has 10 overflows you can practice on, this is for "OVERFLOW1". Using tools like Immunity Debugger and Mona we followed a proven set of steps to create exploit in Python3: โœ”๏ธ Fuzz the app to determine around when it would crash by flooding buffer…

Offsec Proving Grounds Walkthrough – Cobbles

Posted inDocker, Ethical Hacking, Hacking, Linux, Networking, Offsec, Python, Security, Tutorial, Walkthrough
Walkthrough of the machine called "Cobbles" in the OffSec Proving Grounds...don't watch unless you want help getting through the machine. We take advantage of Zoneminder using a python exploit, then use enumeration to figure out the proxy situation. We end up privilege escalating using the exact same exploit by taking…

Offsec Proving Grounds Walkthrough – Jordak

Posted inEthical Hacking, Hacking, Linux, Networking, Offsec, Python, Security, Tutorial, Walkthrough
This is a walkthrough of "Jordak" in the OffSec Proving Grounds. In this video we take advantage of the Jorani leave management software and use tools like GTFOBins to privesc. ***SPOILER***Walkthrough of the machine called "Jordak" in the Offsec Proving Grounds...don't watch unless you want help getting through the machine.…

Offsec Proving Grounds Walkthrough – Pathway

Posted inEthical Hacking, Hacking, Linux, Networking, Offsec, Security, Tutorial, Walkthrough
This is a walkthrough of OffSec Proving Grounds machine "Pathway". If you have taken TCM Security's Practical Ethical Hacking/PrivEsc training you will know what to do, I used my notes from that training to exploit the machine. We take advantage of S3 bucket information to grab credentials using tools like…

Offsec Proving Grounds Walkthrough – Flink

Posted inEthical Hacking, Hacking, java, Linux, Networking, Offsec, Security, Tutorial, Walkthrough
๐Ÿ“ฃ๐Ÿ†•This is a brand new machine in the Proving Grounds, there are no walkthroughs! This is a walkthrough of OffSec Proving Grounds machine "Flink". It is rated as Intermediate but it was quite tough because java isn't my thing. We take advantage of Apache Flink by uploading a custom malicious…