Tag
This was a very easy Linux box which involved gaining a user shell by exploiting the really common Shellshock Linux vulnerability and escalating privileges to root by exploiting Perl which could be executed using sudo.
Read moreThis was an easy Windows box that involved exploiting a remote command execution vulnerability in the Rejetto HTTP File Server web application to gain an initial foothold and exploiting an overflow vulnerability in a version of Windows 8.1 (MS16-098) to escalate to system.
Read moreThis was an easy Linux box that involved exploiting a remote command execution vulnerability in the distcc service to gain an initial foothold and the Nmap interactive mode to escalate privileges to root
Read moreThis was an easy Windows box that involved exploiting the PUT method in the WebDAV extension of the HTTP protocol to upload a reverse shell in order to obtain remote access, and exploiting a Windows vulnerability in the win32k.sys kernel mode driver.
Read moreThis was an easy Windows box that involved exploiting a WebDAV buffer overflow vulnerability present in IIS version 6 and using a vulnerability in the windows WMI service to escalate privileges.
Read moreThis was a very peculiar box, as it involved sending a password change link to a user from a web application in order to reset his password, uploading a PHP shell via SMB to gain remote code execution and therefore a shell, and using a password found in the underlying system’s bash history file to login as the administrator user
Read moreThis was an easy Windows machine that involved exploiting a directory traversal vulnerability in the Adobe ColdFusion web application to obtain user hashes, cracking them with an online hash lookup tool and using a scheduled task to gain remote access. Privilege escalation was possible through a Windows Kernel Exploit.
Read more