OSCP+ Proving Grounds ChatRoom (Walkthrough) скачать в хорошем качестве

OSCP+ Proving Grounds ChatRoom (Walkthrough)

The box is standalone, rated Intermediate/Hard, and was released in October 2024. About the box The web application has several critical vulnerabilities, including a “Forgot Password” feature that reveals user existence and exposes the password reset token, making it vulnerable to brute force attacks. The two-factor authentication (2FA) system only utilizes a four-digit code without rate limiting, further allowing for brute force exploitation. Additionally, command injection is possible through admin-configured webhooks, enabling attackers to execute arbitrary commands and read local files. The www-data user’s access to the dylan user’s home directory, including the .ssh folder with the id_rsa key, amplifies the risk of privilege escalation. This walkthrough describes the vulnerabilities in the custom web application hosted on the target machine and the system misconfigurations, highlighting several critical security flaws and the potential for privilege escalation. Credit Song Jacob and the Stone by Emile Mosseri for the film Minari Photo by Khamkéo Vilaysing from Unsplash #oscp #provingground