Bratarina Proving Grounds Write-Up
SUMMARY
This write-up covers the Bratarina machine from Offsec’s Proving Grounds, a straightforward Linux machine where a vulnerable mail service led directly to root.
Port 25 ran a vulnerable version of OpenSMTPD. A public exploit for the service was identified and executed, delivering a Python reverse shell payload. The exploit resulted in direct code execution as root, with no privilege escalation step required.
PATH TO FOLLOW
- Reconnaissance & OpenSMTPD Version Identification
- Public Exploit Execution → Reverse Shell as Root
Due to OffSec’s policy on content sharing, these write-ups will provide hints only rather than full solutions.I know, boring stuff.