↓Skip to main content

HYDRA

OFFSEC - Proving Grounds - POSTFISH

12 October 2025·3193 words·15 mins

OFFSEC PG PRACTICE SMTP-USER-ENUM USERNAME_GENERATOR HYDRA IMAP IMAPS SENDEMAIL PWNKIT

Website PostFish on port 80 and SMTP on port 25 reveal usernames. Hydra finds credentials, sending an email with a reset link grants brian access. Pwnkit (CVE-2021-4034) escalates to root.

OFFSEC - Proving Grounds - BANZAI

21 September 2025·2971 words·14 mins

OFFSEC PG PRACTICE HYDRA GOBUSTER MYSQL MYSQL UDF GCC

FTP on port 21 with weak credentials holds web dirirectory for port 8295. Upload PHP shell to gain initial access. MySQL UDF exploit sets SUID on bash and allows us to escalates to root.