CURL
OFFSEC - Proving Grounds - GRAPH
·2351 words·12 mins
OFFSEC PG PRACTICE
GRAPHQL
CURL
BURP
HASHCAT
MKPASSWD
On port 80 is a graphql endpoint with SQL injection and gets hashes. Crack one for initial access. Python script with newline injection sets josh password. As josh, read /etc/shadow, crack root’s hash and escalate to root.