🆕Bonus Video this week. “Fractal” is a machine in the OffSec Proving grounds. This machine has been the bane of my existence. ☣️NOTE: There are definitely technical issues with this machine that will prevent you from fully exploiting it. I show you how to work around these issues. In this walkthrough we exploit Symfony and ProFTPD with MySQL. We upload SSH keys and take advantage of sudo with no password to privesc. ***SPOILER*** don’t watch unless you want help getting through the machine.
⚠️TLDR – after you initially exploit machine, a file you need to read (sql.conf) has the incorrect permissions (readable only by root), revert the machine and reconnect and the permissions will be fixed (readable by everyone). This is 100% reproducible, see link to screenshot below. I am not bothering with OffSec tech support as that becomes a multi-week saga of tech support hell, so I figured this out on my own! There aren’t many, if any, walkthroughs of this machine so, you’re welcome!⚠️
Issue screenshot: https://lnkd.in/eyZXan26
