↓Skip to main content

SSI

OFFSEC - Proving Grounds - SYNAPSE

29 August 2025·3175 words·15 mins

OFFSEC PG PRACTICE SSI JOHN GPG2JOHN MD5SUM SOCAT

Synapse web app on port 80 allows SSI abuse via profile picture upload. Gain www-data access, crack GPG key to become mindsflee user, then use sudo synapse_commander.py with socat to escalate to root.