security

⚡This is a walkthrough of OffSec Proving Grounds machine called "LaVita" In this walkthrough we exploit the Laravel PHP Framework using a python exploit, utilize pspy64 to view processes running as other users, and perform shell injection into running processes to get access to another account. Finally, we utilize GTFObins…

📣Walkthrough of the machine called "Monster" in the OffSec Proving Grounds. We take advantage of Monstra using a python exploit, then use enumeration to figure out that XAMPP is running on the server and exploit that for privilege escalation. Trying to learn more PowerShell and this helped! ***SPOILERS*** I show…

🎥I have a backlog of recorded videos🎥 so you get another bonus walkthrough! This is a walkthrough of Offsec Proving Grounds machine called "Symbolic". In this walkthrough we exploit a HTML to PDF website using tools like gobuster, a Google Project Zero tool called CreateSymlink, and privesc with SSH key…

📣This is a walkthrough of the Offsec machine called "Sorcerer". I really enjoyed this one and there aren't too many walkthroughs of it available, so I hope this helps! It features exploitation using gobuster, script modification, scp, SSH Keys, and abusing binaries with the SUID set. I learned a lot…

This is a walkthrough of the OffSec machine called "Outdated" (not to be confused with a Hack The Box machine of same name!). I haven't really seen many walkthroughs (if any) of this Offsec machine so, you're welcome! It features the exploitation of mPDF using local file inclusion, SSH port…