Tag
This was an intermediate Linux box that involved exploiting a PHP deserialization vulnerability to gain initial access, and a vulnerable Bash script to overwrite the root user’s authorized SSH keys and escalate privileges.
Read moreThis was an easy Linux machine that involved exploiting a vulnerable file upload functionality to gain initial access and various misconfigured scripts on the box to escalate privileges to root.
Read moreThis was an easy Linux machine that involved exploiting a vulnerability in MSFVenom to gain remote code execution, a misconfigured Bash script to escalate to the “pwn” user, and a Sudo rule to escalate privileges to root.
Read moreThis was an intermediate Linux machine that involved exploiting a SQL injection vulnerability to gain initial access, a misconfigured Python script to escalate to the “pepper” user and the Systemctl binary with SUID privileges set to escalate to root.
Read moreThis was an intermediate Linux machine that involved exploiting a remote code execution vulnerability in the CuteNews web application to gain initial access, exposed user password hashes to gain a user shell, and a vulnerability in the USBCreator D-Bus interface to escalate privileges to root.
Read moreThis was an intermediate Linux machine that involved exploiting a remote code execution in GitLab to gain initial access, an exposed root password and a misconfigured docker container to escalate privileges to root.
Read moreThis was an easy Windows box that involved exploiting a remote buffer overflow vulnerability in the Chatterbox application to gain initial access and using cached autologon credentials to execute a reverse shell as the Administrator user and escalate privileges.
Read moreThis was an easy Windows machine that involved uploading a web.config file onto a Windows ASP web server to gain remote code execution and exploiting token impersonation to escalate privileges to system.
Read moreThis was an intermediate Linux box that involved exploiting an insecure AWS S3 bucket to upload a PHP reverse shell to gain remote access, using credentials found in an unprotected DynamoDB database to gain a user shell and exploiting a vulnerable PHP script to extract the root user’s private SSH keys and escalate privileges to root through the DynamoDB database.
Read moreThis was a fairly easy Linux box that involved exploiting a local file inclusion and remote code execution vulnerability in GitLab to gain remote access to the machine, obtaining administrative access to GitLab through the console to find a user’s private key and exploiting a PATH hijack vulnerability within a SUID script to escalate privileges to root.
Read more