Port 80 had a BadCorp’s http web page which did not surprise me initially. No interesting leads from nikto and gobuster though. But after careful enumeration at /about.html, I found some unique phone…

SystemWeakness's platform is  dedicated to cybersecurity education and awareness, offering insights into common security vulnerabilities, attack techniques, and risk mitigation strategies. Through articles, tutorials, and security advisories, SystemWeakness offers insights into securing software applications, networks, and systems from cyber threats. Readers can learn about secure coding practices, penetration testing methodologies, and incident response procedures to strengthen their cybersecurity posture and protect against cyber attacks.

System Weakness

This post details a walkthrough of the Proving Grounds: BadCorp challenge, rated as very hard by the community. It covers steps from initial scanning and enumeration to finding an SSH private key and using it to gain access. The post highlights methods used for privilege escalation, including reverse engineering a binary with Ghidra and crafting a payload for command injection to achieve root access.

Proving Grounds: BadCorp Walkthrough