RSYNC
OFFSEC - Proving Grounds - VANITY
·2106 words·10 mins
OFFSEC PG PRACTICE
RSYNC
NMAP
COMMAND INJECTION
Rsync on 873 shares web application source code, using cmd injection gains initial access. Abuse rsync cronjob with -e option to get root.
OFFSEC - Proving Grounds - FAIL
·2555 words·12 mins
OFFSEC PG PRACTICE
RSYNC
FAIL2BAN
Upload SSH key via rsync for initial access. Abuse fail2ban’s actioncheck in iptables-multiport.conf and trigger it by failed SSH logins to escalate to root.