Tag
This was an easy Linux machine that involved exploiting a vulnerable file upload functionality to gain initial access and various misconfigured scripts on the box to escalate privileges to root.
Read moreThis was an easy Linux machine that involved exploiting a vulnerability in MSFVenom to gain remote code execution, a misconfigured Bash script to escalate to the “pwn” user, and a Sudo rule to escalate privileges to root.
Read moreThis was an intermediate Linux machine that involved exploiting a SQL injection vulnerability to gain initial access, a misconfigured Python script to escalate to the “pepper” user and the Systemctl binary with SUID privileges set to escalate to root.
Read moreThis was an intermediate Linux machine that involved exploiting the ticket reply via email functionality of osTicket to access a MatterMost web application to find SSH credentials and using Hashcat rules to crack root hashes stored in the MySQL database to escalate privileges.
Read moreThis was an intermediate Linux machine that involved exploiting a remote code execution vulnerability in the CuteNews web application to gain initial access, exposed user password hashes to gain a user shell, and a vulnerability in the USBCreator D-Bus interface to escalate privileges to root.
Read moreThis was an easy Windows box that involved exploiting a remote buffer overflow vulnerability in the Chatterbox application to gain initial access and using cached autologon credentials to execute a reverse shell as the Administrator user and escalate privileges.
Read moreThis was an easy Windows machine that involved uploading a web.config file onto a Windows ASP web server to gain remote code execution and exploiting token impersonation to escalate privileges to system.
Read moreThis was an intermediate Linux box that involved exploiting an insecure AWS S3 bucket to upload a PHP reverse shell to gain remote access, using credentials found in an unprotected DynamoDB database to gain a user shell and exploiting a vulnerable PHP script to extract the root user’s private SSH keys and escalate privileges to root through the DynamoDB database.
Read moreThis was a fairly easy Linux box that involved exploiting a local file inclusion and remote code execution vulnerability in GitLab to gain remote access to the machine, obtaining administrative access to GitLab through the console to find a user’s private key and exploiting a PATH hijack vulnerability within a SUID script to escalate privileges to root.
Read moreThis was an intermediate Windows machine that involved crawling a username and password from a web application to access RPC, through which a password stored in a printer’s description can be found in order to obtain remote access to the box, and exploiting a known vulnerability with the SeLoadDriverPrivilege permission to escalate privileges to SYSTEM.
Read more