GIT-DUMPER
OFFSEC - Proving Grounds - SPLODGE
·2019 words·10 mins
OFFSEC PG PRACTICE
GIT
GIT-DUMPER
PYTHON_VIRTUAL_ENVIRONMENT
PREG_REPLACE
PWNKIT
A Git repository on port 80 yields a password via git-dumper. Log in to the admin panel on port 8080 and exploit preg_replace for initial access, then use PwnKit (CVE-2021-4034) to get root.
OFFSEC - Proving Grounds - BITFORGE
·4120 words·20 mins
OSCP
OFFSEC PG PRACTICE
SIMPLE ONLINE PLANNING
GIT
GIT-DUMPER
MYSQL
PSPY
FLASK
Git on port 80 leaks MySQL credentials. An RCE in Simple Planning v1.52.01 gives initial access; pspy64 reveals jack's credentials, and changing the Flask script escalates to root.