Skip to content

Postfish -- Proving Grounds (write-up)

Difficulty: Intermediate Box: Postfish (Proving Grounds) Author: dsec Date: 2025-07-28

TL;DR

Enumerated users/services, SSH'd in with discovered creds. Privesc via sudo 1.8.31 root exploit.

Target info

  • Host: see nmap results

Enumeration

Nmap results

Nmap continued

Enumeration

More enumeration

Exploitation

SSH'd in with discovered creds:

SSH login

Privilege escalation

Ran linpeas:

linpeas output

Found vulnerable sudo version. Used sudo 1.8.31 root exploit:

https://github.com/mohinparamasivam/Sudo-1.8.31-Root-Exploit

Root shell

Lessons & takeaways

  • Always check sudo version -- 1.8.31 has a known root exploit
  • Linpeas highlights vulnerable sudo versions automatically