Tag
This was an intermediate Linux machine that involved exploiting an SQL injection vulnerability to gain access to a traceroute page affected by a remote command vulnerability in order to obtain a reverse shell, and exploiting a PHP function used in a cron hob to gain root-level code execution and therefore a root shell.
Read moreThis was an easy Solaris machine that required enumerating users in the Finger service to identify the sunny user, bruteforcing it with Hydra to authenticate via SSH, cracking a user hash found in a backup folder to escalate to the sammy user and exploiting the SUID permission set against Wget to escalate privileges to root.
Read moreThis was an easy Windows box that involved exploiting the EternalBlue SMB vulnerability which is part of the MS17-010 security bulletin.
Read moreThis was a fairly easy Linux box that involved exploiting an arbitrary file upload vulnerability in the My Image plugin of the Nibbleblog web application in order to upload a reverse shell, and a script with sudo permissions allowed to escalate privileges to root.
Read moreThis was an easy Windows box which involved accessing an open SMB share, decrypting a Group Policy Preference password found on the share to obtain the Administrator user’s hash which is then cracked to authenticate to the machine as SYSTEM.
Read moreThis was a very easy Linux box which involved gaining a user shell by exploiting the really common Shellshock Linux vulnerability and escalating privileges to root by exploiting Perl which could be executed using sudo.
Read moreThis was an easy Windows box that involved extracting and cracking hashes from a Windows .vhd backup image to gain initial access and exploiting a vulnerability in mRemoteNG that allowed to decrypt stored passwords to escalate privileges to SYSTEM.
Read moreThis was an easy Linux box that involved exploiting a vulnerability that allowed to remotely download and execute files to gain initial access, using Steganography to escalate to the mardov user and exploiting a custom SUID binary to gain root access.
Read moreThis was an easy Windows box that involved exploiting a remote command execution vulnerability in the Rejetto HTTP File Server web application to gain an initial foothold and exploiting an overflow vulnerability in a version of Windows 8.1 (MS16-098) to escalate to system.
Read moreThis was an easy Linux box that involved exploiting a remote command execution vulnerability in the distcc service to gain an initial foothold and the Nmap interactive mode to escalate privileges to root
Read more