Author
This was an easy Linux machine that involved performing content discovery against a web application to identify the SSH password of a user to obtain initial access and exploit various vulnerable Linux binary to escalate privileges to root.
Read moreThis was a very easy Linux machine that involved bruteforcing user credentials via SSH to gain initial access and exploiting the Tar binary with Sudo permissions enabled to escalate privileges to root.
Read moreThis was an easy BSD box that involved identifying user credentials for a pfSense instance and exploiting a known command injection vulnerability affecting the product to gain root-level access on the machine.
Read moreThis was an easy Linux machine that involved exploiting a SQL injection vulnerability to gain initial access, clear-text database credentials and miconfigured Sudo rules to escalate privileges to root.
Read moreThis was a hard Windows machine that involved exploiting a directory traversal vulnerability to forge session cookies and hijack an admin user’s session, a file upload functionality through which remote command execution can be obtained, and a SQL injection vulnerability to escalate privileges to Administrator
Read moreThis was an easy Windows machine that involved exploiting an unauthenticated remote code execution vulnerability through file upload bypass affecting Gym Management System to gain initial access and a buffer overflow vulnerability in the CloudMe software to escalate privileges to Administrator.
Read moreThis was an easy Windows machine that involved exploiting a Kerberoastable service account to gain initial access and using a base64-encoded password stored in an unattended installation file to escalate privileges to Administrator.
Read moreThis was an intermediate Windows machine that involved exploiting a vulnerability in Electron-Builder to gain initial access, a clear-text Redis password, and a vulnerability in Portable Kanban to decrypt the administrator password and escalate privileges.
Read moreThis was an intermediate Windows machine that involved enumerating an active directory domain, using ASREPRoasting to obtain initial access, and performing a DCSync attack to escalate privileges to Administrator-level access.
Read moreThis was a Windows machine that required to enumerate a WordPress instance to identify user credentials and remotely authenticate via RDP and exploit the Windows COM Vulnerability to escalate privileges to SYSTEM.
Read more