Category
This was an easy Linux box that involved exploiting a remote command execution vulnerability in the distcc service to gain an initial foothold and the Nmap interactive mode to escalate privileges to root
Read moreThis was an easy Windows box that involved exploiting the PUT method in the WebDAV extension of the HTTP protocol to upload a reverse shell in order to obtain remote access, and exploiting a Windows vulnerability in the win32k.sys kernel mode driver.
Read moreThis was an easy Windows box that involved exploiting a WebDAV buffer overflow vulnerability present in IIS version 6 and using a vulnerability in the windows WMI service to escalate privileges.
Read moreThis was a very peculiar box, as it involved sending a password change link to a user from a web application in order to reset his password, uploading a PHP shell via SMB to gain remote code execution and therefore a shell, and using a password found in the underlying system’s bash history file to login as the administrator user
Read moreThis was a very easy box, as it involved logging into the Tomcat Web Application Manager using default credentials, deploying a new application using a malicious .war Java reverse shell and gaining a reverse shell by navigating to it.
Read moreThis was an easy Windows machine that involved exploiting a directory traversal vulnerability in the Adobe ColdFusion web application to obtain user hashes, cracking them with an online hash lookup tool and using a scheduled task to gain remote access. Privilege escalation was possible through a Windows Kernel Exploit.
Read moreThis is a fairly easy box that requires you to exploit the Eternal Blue vulnerability(CVE-2017-0143, fixed with the MS17-010 Microsoft update) in the SMB service(specifically version 1), which allows execution of code remotely.
Read more