EXIFTOOL
OFFSEC - Proving Grounds - OUTDATED
2362 words · 12 mins
OFFSEC PG PRACTICE
MPDF
EXIFTOOL
CHISEL
WEBMIN
Initial access through SSH or by exploiting the website using mPDF 6.0 and downloading credentials; reuse the credentials for Webmin on port 10000 to escalate to root.
OFFSEC - Proving Grounds - EXFILTRATED
2598 words · 13 mins
OSCP
OFFSEC PG PRACTICE
SUBRION CMS
PWNKIT
EXIFTOOL
Initial access through SSH or the Subrion CMS 4.2.1 file upload. Run linpeas to find CVE-2021-4034 (PwnKit) and a cron job with exiftool (CVE-2021-22204) for root.