COMMAND INJECTION
OFFSEC - Proving Grounds - VANITY
·2106 words·10 mins
OFFSEC PG PRACTICE
RSYNC
NMAP
COMMAND INJECTION
Rsync on 873 shares web application source code, using cmd injection gains initial access. Abuse rsync cronjob with -e option to get root.
OFFSEC - Proving Grounds - DEVELOP
·4146 words·20 mins
OFFSEC PG PRACTICE
GIT
TCPDUMP
COMMAND INJECTION
IFS
PYTHON WEBSERVER POST
PWNKIT
Access Git repository on port 80 for credentials, login application on port 8080 and use command injection to retrieve a SSH key. Exploit CVE-2021-4034 to become root.