HASHCAT

OFFSEC - Proving Grounds - GRAPH

7 September 2025·2351 words·12 mins

OFFSEC PG PRACTICE GRAPHQL CURL BURP HASHCAT MKPASSWD

On port 80 is a graphql endpoint with SQL injection and gets hashes. Crack one for initial access. Python script with newline injection sets josh password. As josh, read /etc/shadow, crack root’s hash and escalate to root.

OFFSEC - Proving Grounds - WORKAHOLIC

16 August 2025·2806 words·14 mins

OSCP OFFSEC PG PRACTICE WPPROBE SQLMAP HASHCAT FTP STRACE GCC

Use OFFSEC creds or scan Wordpress. Exploit a Wordpress vulnerability (CVE-2024-9796), crack hashes for charlie/ted. FTP as ted and SSH in as charlie. Escalate to root via SUID binary with custom shared object.

OFFSEC - Proving Grounds - EXTPLORER

15 August 2025·2184 words·11 mins

OSCP OFFSEC PG PRACTICE EXTPLORER HASHCAT GROUP DISK

eXtplorer application on port 80 with weak credentials which allows PHP reverse shell. As www-data, we can’t read local.txt. Crack dora’s hash, switch to dora in disk group, read proof.txt.