{"id":489,"date":"2026-01-04T15:26:48","date_gmt":"2026-01-04T15:26:48","guid":{"rendered":"https:\/\/rmfsales.com\/?p=489"},"modified":"2026-01-04T16:19:40","modified_gmt":"2026-01-04T16:19:40","slug":"hacking-17","status":"publish","type":"post","link":"https:\/\/rmfsales.com\/?p=489","title":{"rendered":"Offsec Proving Grounds Walkthrough – RussianDolls"},"content":{"rendered":"

This is a walkthrough of OffSec<\/a> Proving Grounds machine “RussianDolls”. I haven’t seen many, if any walkthroughs of this machine. I wrote a custom SSRF script to brute force ports (it could have been very simple, but I am a psychopath and over engineered it), link to Github in video description. We use this script to find a previously unknown application. After a bit of directory traversal we find creds and login via SSH…we find a binary with “sudo -l” abilities and have to figure out how to take advantage of it to privesc! ***SPOILER***Walkthrough of the machine called “RussianDolls” in the Offsec Proving Grounds…don’t watch unless you want help getting through the machine.<\/p>\n

Script:<\/p>\n

https:\/\/github.com\/rflemen\/python_code\/blob\/main\/offsec_russiandolls_scanner\/scan_url.py<\/a><\/p>\n

 <\/p>\n