JOHN
OFFSEC - Proving Grounds - SYNAPSE
·3175 words·15 mins
OFFSEC PG PRACTICE
SSI
JOHN
GPG2JOHN
MD5SUM
SOCAT
Synapse web app on port 80 allows SSI abuse via profile picture upload. Gain www-data access, crack GPG key to become mindsflee user, then use sudo synapse_commander.py with socat to escalate to root.
OFFSEC - Proving Grounds - SCRUTINY
·2638 words·13 mins
OSCP
OFFSEC PG PRACTICE
VHOST
JOHN
SSH2JOHN
TEAMCITY
Initial access via OFFSEC credentials or TeamCity CVE-2024-27198 exploit, get id_rsa key for marcot and password of multiple users. Briand runs /usr/bin/systemctl as root, escalate to root using GTFOBins.