Author
This was a hard Linux machine that required to abuse local file inclusion to access and exploit a vulnerable Cacti web application in order to gain a foothold, leverage a deserialization vulnerability affecting Apache Ofbiz and breaking out of a docker container to obtain full access.
Read moreThis was an easy Linux machine that required to find clear-text credentials stored in a PCAP file to gain initial access and exploit Python with the cap_setuid capability enabled to escalate privileges to root.
Read moreThis was an intermediate Linux machine that required to enumerate SNMP in order to find and exploit a vulnerable SeedDMS instance to gain initial access and to exploit a misconfigured Bash script to elevate privileges to root.
Read moreCertain applications may be running or may be allowed to run with higher privileges than the current user due to their need to access particular system files or simply due to misconfigurations. Since anything done within the said application will be executed with the privileges of the process, if it allows to perform other actions such as opening a command prompt or running executables those will also be executed with high privileges, therefore allowing to escalate privileges.
Read moreThis was an intermediate OpenBSD machine that required to chain several Moodle vulnerabilities to escalate privileges to administrator and obtain initial access and exploit the PKG OpenBSD binary with Sudo permissions enabled to escalate privileges to root.
Read moreThis was an easy Linux machine that involved exploiting an arbitrary code execution vulnerability in the Kibana web application to gain initial access and the Python3 binary with the cap_setuid capability assigned to escalate privileges to root.
Read moreThis was an easy Rick and Morty-themed Linux challenge that required to exploit a webserver to find 3 ingredients through local enumeration using a web console that will help Rick make his potion to transform himself back into a human from a pickle.
Read moreThis was a simple Linux machine that required to enumerate a web server and exploit a remote code execution vulnerability affecting Fuel CMS to gain initial access, and exposed clear-text database credentials to escalate privileges to root.
Read moreThis was an easy Linux machine that required to exploit a remote command execution backdoor affecting PHP 8.1.0-dev to obtain initial access and the Knife binary with Sudo permissions enabled to escalate privileges to root.
Read moreUser-Defined Functions in MySQL are used to extend the functionality by adding external code that will work the same as inbuilt functions. Certain versions of MySQL are affected by vulnerabilities that could allow attackers with database root access to execute code in the context of the MySQL process, which is often root, and escalate privileges.
Read more