“oscp.exe” OVERFLOW1 – Simple Buffer Overflow Exploit Code

Posted inCoding, Ethical Hacking, Hacking, Linux, msfvenom, Networking, Offsec, Python, Security, Tutorial
First buffer overflow exploit done. "oscp.exe" has 10 overflows you can practice on, this is for "OVERFLOW1". Using tools like Immunity Debugger and Mona we followed a proven set of steps to create exploit in Python3: ✔️ Fuzz the app to determine around when it would crash by flooding buffer…

Offsec Proving Grounds Walkthrough – Cobbles

Posted inDocker, Ethical Hacking, Hacking, Linux, Networking, Offsec, Python, Security, Tutorial, Walkthrough
Walkthrough of the machine called "Cobbles" in the OffSec Proving Grounds...don't watch unless you want help getting through the machine. We take advantage of Zoneminder using a python exploit, then use enumeration to figure out the proxy situation. We end up privilege escalating using the exact same exploit by taking…

Offsec Proving Grounds Walkthrough – Jordak

Posted inEthical Hacking, Hacking, Linux, Networking, Offsec, Python, Security, Tutorial, Walkthrough
This is a walkthrough of "Jordak" in the OffSec Proving Grounds. In this video we take advantage of the Jorani leave management software and use tools like GTFOBins to privesc. ***SPOILER***Walkthrough of the machine called "Jordak" in the Offsec Proving Grounds...don't watch unless you want help getting through the machine.…

Offsec Proving Grounds Walkthrough – Pathway

Posted inEthical Hacking, Hacking, Linux, Networking, Offsec, Security, Tutorial, Walkthrough
This is a walkthrough of OffSec Proving Grounds machine "Pathway". If you have taken TCM Security's Practical Ethical Hacking/PrivEsc training you will know what to do, I used my notes from that training to exploit the machine. We take advantage of S3 bucket information to grab credentials using tools like…

Offsec Proving Grounds Walkthrough – BlackGate

Posted inEthical Hacking, Hacking, Linux, Networking, Offsec, Python, Security, Tutorial, Walkthrough
This is a walkthrough of OffSec Proving Grounds machine "BlackGate". It is rated as hard but there are several ways to take advantage of this machine (likely not intended by Offsec). We start by exploiting Redis and privesc using misconfigured SUID setting BUT there are some things you will need…

Offsec Proving Grounds Walkthrough – Press

Posted inEthical Hacking, Hacking, Linux, Networking, Offsec, Python, Security, Tutorial, Walkthrough
This is a walkthrough of the OffSec machine called Press. In this video we take advantage of a Flatpress blog and then we privesc using a misconfigured SUID binary. ***SPOILER***Walkthrough of the machine called "Press" in the Offsec Proving Grounds...don't watch unless you want help getting through the machine. https://youtu.be/4iG_qOSldok

Offsec Proving Grounds Walkthrough – Compromised

Posted inEthical Hacking, Hacking, Linux, Networking, Offsec, Python, Security, Tutorial, Walkthrough
Walkthrough of the machine called "Compromised" in the OffSec Proving Grounds...don't watch unless you want help getting through the machine. We take advantage of SMB, then use PowerShell to exploit this machine. ⚠️The privesc portion is very tough (at least for me it was) and I provide some breakdowns of…