A walkthrough of an OffSec lab machine called ICMP, covering the full attack chain from network enumeration with Nmap to initial access via an unauthenticated RCE vulnerability in Monitorr 1.7.6m, credential harvesting through a readable PHP crypt script, and privilege escalation by abusing sudo permissions on hping3 (as documented on GTFOBins). The lab concludes with full root compromise using a discovered private SSH key.
Sort: