This is a walkthrough of OffSec Proving Grounds machine “RussianDolls”. I haven’t seen many, if any walkthroughs of this machine. I wrote a custom SSRF script to brute force ports (it could have been very simple, but I am a psychopath and over engineered it), link to Github in video description. We use this script to find a previously unknown application. After a bit of directory traversal we find creds and login via SSH…we find a binary with “sudo -l” abilities and have to figure out how to take advantage of it to privesc! ***SPOILER***Walkthrough of the machine called “RussianDolls” in the Offsec Proving Grounds…don’t watch unless you want help getting through the machine.
Script:
https://github.com/rflemen/python_code/blob/main/offsec_russiandolls_scanner/scan_url.py
