Offsec Proving Grounds Walkthrough – Jordak

Posted inEthical Hacking, Hacking, Linux, Networking, Offsec, Python, Security, Tutorial, Walkthrough
This is a walkthrough of "Jordak" in the OffSec Proving Grounds. In this video we take advantage of the Jorani leave management software and use tools like GTFOBins to privesc. ***SPOILER***Walkthrough of the machine called "Jordak" in the Offsec Proving Grounds...don't watch unless you want help getting through the machine.…

Offsec Proving Grounds Walkthrough – Pathway

Posted inEthical Hacking, Hacking, Linux, Networking, Offsec, Security, Tutorial, Walkthrough
This is a walkthrough of OffSec Proving Grounds machine "Pathway". If you have taken TCM Security's Practical Ethical Hacking/PrivEsc training you will know what to do, I used my notes from that training to exploit the machine. We take advantage of S3 bucket information to grab credentials using tools like…

Offsec Proving Grounds Walkthrough – Flink

Posted inEthical Hacking, Hacking, java, Linux, Networking, Offsec, Security, Tutorial, Walkthrough
📣🆕This is a brand new machine in the Proving Grounds, there are no walkthroughs! This is a walkthrough of OffSec Proving Grounds machine "Flink". It is rated as Intermediate but it was quite tough because java isn't my thing. We take advantage of Apache Flink by uploading a custom malicious…

Offsec Proving Grounds Walkthrough – BlackGate

Posted inEthical Hacking, Hacking, Linux, Networking, Offsec, Python, Security, Tutorial, Walkthrough
This is a walkthrough of OffSec Proving Grounds machine "BlackGate". It is rated as hard but there are several ways to take advantage of this machine (likely not intended by Offsec). We start by exploiting Redis and privesc using misconfigured SUID setting BUT there are some things you will need…

Offsec Proving Grounds Walkthrough – Press

Posted inEthical Hacking, Hacking, Linux, Networking, Offsec, Python, Security, Tutorial, Walkthrough
This is a walkthrough of the OffSec machine called Press. In this video we take advantage of a Flatpress blog and then we privesc using a misconfigured SUID binary. ***SPOILER***Walkthrough of the machine called "Press" in the Offsec Proving Grounds...don't watch unless you want help getting through the machine. https://youtu.be/4iG_qOSldok

Offsec Proving Grounds Walkthrough – Compromised

Posted inEthical Hacking, Hacking, Linux, Networking, Offsec, Python, Security, Tutorial, Walkthrough
Walkthrough of the machine called "Compromised" in the OffSec Proving Grounds...don't watch unless you want help getting through the machine. We take advantage of SMB, then use PowerShell to exploit this machine. ⚠️The privesc portion is very tough (at least for me it was) and I provide some breakdowns of…

Offsec Proving Grounds Walkthrough – LaVita

Posted inEthical Hacking, Hacking, Linux, Networking, Offsec, Python, Security, Tutorial, Walkthrough
⚡This is a walkthrough of OffSec Proving Grounds machine called "LaVita" In this walkthrough we exploit the Laravel PHP Framework using a python exploit, utilize pspy64 to view processes running as other users, and perform shell injection into running processes to get access to another account. Finally, we utilize GTFObins…