Walkthrough of the machine called “Escape” in the OffSec Proving Grounds…this is a Linux machine rated as hard. In this video we exploit a website using Burp Suite to upload a PHP reverse shell masquerading as a .gif. Once on the machine we determine the we can escape the Docker container using the SNMP “extend” functionality. Finally, we laterally move to the user Tom via a exploitation of a custom binary using capabilities and modifying the search order of our PATH. We then privesc taking advantage of an OpenSSL server, again, using incorrectly set capabilities.
Offsec Proving Grounds Walkthrough – Escape
