
CHISEL

OFFSEC - Proving Grounds - CONVERTEX
·2078 words·10 mins
OFFSEC PG PRACTICE XXE SELENIUM CHISEL
XXE in the web application on port 5000 leaks gustavo's SSH private key for initial access. Forward Selenium port 4444 with chisel, then exploit it with a Python script to gain root.
OFFSEC - Proving Grounds - AIR
·2962 words·14 mins
OFFSEC PG PRACTICE ARIA2 WEBUI CHISEL SSH-KEYGEN
Aria2 WebUI on port 8888 is vulnerable to path traversal (CVE-2023-39141). Steal the deathflash SSH key for initial access, find the RPC key, forward port 6800 with chisel, configure the app, and upload an SSH key to root for root access.
OFFSEC - Proving Grounds - OUTDATED
·2362 words·12 mins
OFFSEC PG PRACTICE MPDF EXIFTOOL CHISEL WEBMIN
SSH for initial access by exploiting the website, which uses mPDF 6.0, and downloading credentials. Reuse the creds for Webmin on port 10000 to escalate to root.
OFFSEC - Proving Grounds - VMDAK
·3176 words·15 mins
OSCP OFFSEC PG PRACTICE PRISON MANAGEMENT SYSTEM MYSQL CHISEL JENKINS BURP
The prison management system on port 9443 is vulnerable to SQL injection and RCE. Once initial access is gained, get the MySQL creds and SSH in. Using a port forward on 8080, we can exploit Jenkins (CVE-2024-23897) for root.