SHOWMOUNT
OFFSEC - Proving Grounds - LUNAR
·2959 words·14 mins
OFFSEC PG PRACTICE
STRCMP
LOG POISONING
SHOWMOUNT
NO_ROOT_SQUASH
NFS
Download zip from port 80, exploit PHP for LFI, use log poisoning for RCE as www-data. SSH with liam’s key for lateral movement and escalate to root via NFS no_root_squash.
OFFSEC - Proving Grounds - CHARLOTTE
·4141 words·20 mins
OFFSEC PG PRACTICE
SHOWMOUNT
GOBUSTER
BURP
EJS
SSH-KEYGEN
Use credentials or mount shares for application code. Leak creds via nginx (80) using BURP. Exploit RCE as www-data. Deploy JS to abuse a cronjob and move laterally. Escalate to root with sudo/bash.