This is a walkthrough of OffSec Proving Grounds machine “Pathway”. If you have taken TCM Security‘s Practical Ethical Hacking/PrivEsc training you will know what to do, I used my notes from that training to exploit the machine. We take advantage of S3 bucket information to grab credentials using tools like Gobuster. We then privesc using a technique that involved the LD_PRELOAD being available to sudo users…a small C program (literally straight from Heath’s class) is generated to create a malicious library and away we go! ***SPOILER***Walkthrough of the machine called “Pathway” in the Offsec Proving Grounds…don’t watch unless you want help getting through the machine.
Offsec Proving Grounds Walkthrough – Pathway
