Tag
This was an easy Linux machine that involved finding database credentials contained in a backup WordPress instance to gain initial access and exploiting the /sbin/initctl binary with Sudo permissions to escalate privileges to root.
Read moreThis was an easy Linux machine that involved exploiting a backup disclosure issue in SweetRice CMS to gain remote execution and a misconfigured script with root permissions to escalate privileges to root.
Read moreThis was an intermediate Windows machine that involved exploiting a stack buffer overflow vulnerability to gain initial access and dumping and decrypting Mozilla Firefox credentials stored on the box to escalate privileges to system.
Read moreThis was an intermediate Linux machine that involved chaining a local file inclusion and remote code execution vulnerability to gain initial access, and exploiting an issue with the Chkrootkit software to escalate privileges.
Read moreThis was an intermediate Linux machine that involved exploiting a stack buffer overflow vulnerability to gain SYSTEM level access to the box.
Read moreThis was an easy Linux machine that involved exploiting a vulnerable file upload functionality to gain initial access and Python with the SetUID bit assigned to it to escalate privileges to root.
Read moreThis was an easy Linux box that involved exploiting a blind SQL injection vulnerability in CMS Made Simple to obtain initial access and the Vim text editor allowed to run as root to escalate privileges to root.
Read moreCapabilities in Linux are special attributes that can be allocated to processes, binaries, services and users and they can allow them specific privileges that are normally reserved for root-level actions, such as being able to intercept network traffic or mount/unmount file systems. If misconfigured, these could allow an attacker to elevate their privileges to root.
Read moreThis was an intermediate Linux box that involved exploiting a PHP deserialization vulnerability to gain initial access, and a vulnerable Bash script to overwrite the root user’s authorized SSH keys and escalate privileges.
Read moreThis was an easy Windows box that involved exploiting an open FTP server to upload an ASPX shell and gain remote access to the host, and the MS10-015 KiTrap0D vulnerability to escalate privileges to SYSTEM.
Read more