Category
This was an intermediate Linux machine that required to identify a set of credentials hidden within an image file using the Piet programming language and exploiting a known remote code execution vulnerability in Nagios XI to escalate privileges to root.
Read moreThis was an intermediate Linux machine that involved capturing four flags by exploiting local file inclusion (through Apache log poisoning), the env binary with Sudo permissions enabled and a misconfigured cron job which allowed to escape the Docker container and access the underlying system.
Read moreThis was an intermediate Linux machine that involved exploiting a stored cross-site scripting and SQL injection vulnerability to gain initial access and misconfigured sudo rules to escalate privileges to Root.
Read moreThis was an easy Linux machine that involved exploiting an arbitrary code execution vulnerability in the Kibana web application to gain initial access and the Python3 binary with the cap_setuid capability assigned to escalate privileges to root.
Read moreThis was an easy Rick and Morty-themed Linux challenge that required to exploit a webserver to find 3 ingredients through local enumeration using a web console that will help Rick make his potion to transform himself back into a human from a pickle.
Read moreThis was a simple Linux machine that required to enumerate a web server and exploit a remote code execution vulnerability affecting Fuel CMS to gain initial access, and exposed clear-text database credentials to escalate privileges to root.
Read moreThis was an intermediate Linux machine that involved deciphering a password encrypted using the Vigenere cipher to gain initial access, exploiting a cron job to escalate to the tweedledum user, cracking user hashes to escalate to the humptydumpty user, accessing a private SSH key on the machine to escalate to the alice user and exploiting a misconfigured Sudo rule to escalate privileges to root.
Read moreThis was an easy Linux machine that involved exploiting the Ghostcat vulnerability affecting Apache Tomcat to gain initial access, cracking the hash of a GPG private key and exploiting the Zip binary with Sudo permissions enabled to escalate privileges to root.
Read moreThis was a room that taught the basics of PowerShell, how to perform enumeration on Windows with Powershell and the fundamentals of PowerShell scripting.
Read moreThis was an easy Linux machine that involved performing content discovery against a web application to identify the SSH password of a user to obtain initial access and exploit various vulnerable Linux binary to escalate privileges to root.
Read more