May 1, 2025

Algernon Proving Grounds Write-Up

Adrian Reategui
Share
Proving Grounds Algernon machine walkthrough

SUMMARY

This write-up covers the Algernon machine from Offsec’s Proving Grounds, a straightforward Windows machine where a single exposed service leads directly to Administrator access.

Port enumeration revealed an HTTP server on port 9998 running SmarterMail. A search for public exploits returned a known Remote Code Execution vulnerability for the identified version. After configuring the exploit with the attacker’s IP and listening port alongside the target IP, executing the script returned a shell as Administrator no privilege escalation required.

PATH TO FOLLOW

  1. Reconnaissance & Port Scanning
  2. SmarterMail Version Identification on Port 9998
  3. Public RCE Exploit Discovery
  4. Exploit Configuration & Execution
  5. Shell as Administrator

Due to OffSec’s policy on content sharing, these write-ups will provide hints only rather than full solutions.I know, boring stuff.

Windows SmarterMail RCE ProvingGrounds

Table of Contents