Skip to content

PC -- Proving Grounds (write-up)

Difficulty: Intermediate Box: PC (Proving Grounds) Author: dsec Date: 2025-09-30

TL;DR

Enumeration of running processes revealed attack surface. Privesc via SUID on bash.

Target info

  • Host: PC (Proving Grounds)

Enumeration

Nmap results

Checked running processes:

ps -auxww

Processes

Service enum

Further enum

Foothold

Dead end

nada -- moved on.

Alternate approach

Shell access

Privilege escalation

SUID exploit

Root shell

Set SUID on bash and executed:

/bin/bash -p

Only needed u+s /bin/bash as the payload.

Lessons & takeaways

  • Always check running processes with ps -auxww for hidden services
  • SUID on /bin/bash is a quick path to root via bash -p