Offsec

📣Walkthrough of the machine called "Monster" in the OffSec Proving Grounds. We take advantage of Monstra using a python exploit, then use enumeration to figure out that XAMPP is running on the server and exploit that for privilege escalation. Trying to learn more PowerShell and this helped! ***SPOILERS*** I show…

🎥I have a backlog of recorded videos🎥 so you get another bonus walkthrough! This is a walkthrough of Offsec Proving Grounds machine called "Symbolic". In this walkthrough we exploit a HTML to PDF website using tools like gobuster, a Google Project Zero tool called CreateSymlink, and privesc with SSH key…

📣This is a walkthrough of the Offsec machine called "Sorcerer". I really enjoyed this one and there aren't too many walkthroughs of it available, so I hope this helps! It features exploitation using gobuster, script modification, scp, SSH Keys, and abusing binaries with the SUID set. I learned a lot…

This is a walkthrough of the OffSec machine called "Outdated" (not to be confused with a Hack The Box machine of same name!). I haven't really seen many walkthroughs (if any) of this Offsec machine so, you're welcome! It features the exploitation of mPDF using local file inclusion, SSH port…

🚨Walkthrough of the machine called "Twiggy" in the OffSec Proving Grounds...don't watch unless you want help getting through the machine. I had some issues with figuring out how to take advantage of the exploit but eventually prevailed after some experimentation. We take advantage of a RCE in ZeroMQ ZMTP software…