OffSec Proving Grounds Practice - Jacko Writeup

A writeup for the Jacko lab, covering H2 Database exploitation through JNI, reverse shell access, Windows enumeration, and privilege escalation using SeImpersonatePrivilege.

May 27, 2026 · 6 min · Max Tse

OffSec Proving Grounds Practice - AuthBy Writeup

OffSec Proving Grounds Practice - AuthBy Writeup This is my writeup for AuthBy, a Windows machine from OffSec Proving Grounds Practice. I found this machine quite useful because the attack path was not just about scanning and running a public exploit. The chain started from FTP enumeration, moved into credential discovery, then web access, initial foothold through a PHP reverse shell, and finally Windows privilege escalation. The overall attack path was: ...

May 19, 2026 · 9 min · Max Tse