https://chiefdennis.github.io/tags/gtfobins/Recent content in GTFObins on Chief Dennis' BlogHugoenThu, 11 Dec 2025 13:07:16 +0100https://chiefdennis.github.io/posts/offsec_sorcerer/Thu, 11 Dec 2025 13:07:16 +0100https://chiefdennis.github.io/posts/offsec_sorcerer/<h2 id="sorcerer-offsec-walkthrough"> Sorcerer OffSec Walkthrough <a class="heading-link" href="#sorcerer-offsec-walkthrough"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p><img src="https://chiefdennis.github.io/posts/offsec_sorcerer/Picture_0.png" alt="image"></p> <h3 id="1-introduction"> 1. Introduction <a class="heading-link" href="#1-introduction"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h3> <p>This walkthrough documents the compromise of the Sorcerer machine from CyberSecLabs (CFT).</p> <p>We compromised the Sorcerer machine through classic multi-surface enumeration: multiple web servers, exposed ZIP archives leaking Tomcat credentials and SSH keys, restricted SSH bypass through editing authorized_keys, and final privilege escalation via a misconfigured SUID start-stop-daemon binary (GTFOBins).</p>