{"id":351,"date":"2025-10-24T18:34:04","date_gmt":"2025-10-24T18:34:04","guid":{"rendered":"https:\/\/rmfsales.com\/?p=351"},"modified":"2025-10-24T18:34:04","modified_gmt":"2025-10-24T18:34:04","slug":"offsec-proving-grounds-walkthrough-monster","status":"publish","type":"post","link":"https:\/\/rmfsales.com\/?p=351","title":{"rendered":"Offsec Proving Grounds Walkthrough &#8211; Monster"},"content":{"rendered":"<p>\ud83d\udce3Walkthrough of the machine called &#8220;Monster&#8221; in the <a class=\"jYriGnCbgYuGbzrKRsWZkYsnLoHFHtXpyjo \" tabindex=\"0\" href=\"https:\/\/www.linkedin.com\/company\/offsec-training\/\" target=\"_self\" data-test-app-aware-link=\"\">OffSec<\/a> Proving Grounds. We take advantage of Monstra using a python exploit, then use enumeration to figure out that XAMPP is running on the server and exploit that for privilege escalation. Trying to learn more PowerShell and this helped! ***SPOILERS*** I show you how to pwn machine, don&#8217;t watch unless you want help getting through it!<\/p>\n<div class=\"jetpack-video-wrapper\"><iframe loading=\"lazy\" title=\"Offsec Proving Grounds Walkthrough - Monster\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/8AO82KxMocU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ud83d\udce3Walkthrough of the machine called &#8220;Monster&#8221; in the OffSec Proving Grounds. We take advantage of Monstra using a python exploit, then use enumeration to figure out that XAMPP is running on the server and exploit that for privilege escalation. Trying to learn more PowerShell and this helped! ***SPOILERS*** I show&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[53,48,7,27,55,73,44,10,54],"tags":[51,13,28,57,74,46,15,56],"class_list":["post-351","post","type-post","status-publish","format-standard","hentry","category-ethical-hacking","category-hacking","category-linux","category-networking","category-offsec","category-python","category-security","category-tutorial","category-walkthrough","tag-cybersecurity","tag-linux","tag-networking","tag-offsec","tag-python","tag-security","tag-tutorial","tag-walkthrough"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/rmfsales.com\/index.php?rest_route=\/wp\/v2\/posts\/351","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rmfsales.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rmfsales.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rmfsales.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rmfsales.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=351"}],"version-history":[{"count":1,"href":"https:\/\/rmfsales.com\/index.php?rest_route=\/wp\/v2\/posts\/351\/revisions"}],"predecessor-version":[{"id":352,"href":"https:\/\/rmfsales.com\/index.php?rest_route=\/wp\/v2\/posts\/351\/revisions\/352"}],"wp:attachment":[{"href":"https:\/\/rmfsales.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rmfsales.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=351"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rmfsales.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}