This is a walkthrough of Offsec Proving Grounds machine called "LaVita". In this walkthrough we exploit the Laravel PHP Framework using a python exploit, utilize pspy64 to view processes running as other users, and perform shell injection into running processes to get access to another account. Finally, we utilize GTFObins (exploiting sudo no password with composer) to privesc and grab the root flag! ***SPOILER*** don't watch unless you want help getting through the machine.
There aren't many, if any walkthroughs of this machine so, you're welcome!
Links used in walkthrough:
https://github.com/joshuavanderpoll/CVE-2021-3129
https://gtfobins.github.io/gtfobins/composer/
