Tag
This was an easy Linux box that involved exploiting a blind SQL injection vulnerability in CMS Made Simple to obtain initial access and the Vim text editor allowed to run as root to escalate privileges to root.
Read moreCapabilities in Linux are special attributes that can be allocated to processes, binaries, services and users and they can allow them specific privileges that are normally reserved for root-level actions, such as being able to intercept network traffic or mount/unmount file systems. If misconfigured, these could allow an attacker to elevate their privileges to root.
Read moreThis was an intermediate Linux box that involved exploiting a PHP deserialization vulnerability to gain initial access, and a vulnerable Bash script to overwrite the root user’s authorized SSH keys and escalate privileges.
Read moreThis mini CTF was part of the web fundamentals room and it aims to allow students to practice their web skills with GET/POST requests and cookies.
Read moreThis was an easy Linux machine that involved exploiting a vulnerable file upload functionality to gain initial access and various misconfigured scripts on the box to escalate privileges to root.
Read moreThis was an easy Linux machine that involved exploiting a vulnerability in MSFVenom to gain remote code execution, a misconfigured Bash script to escalate to the “pwn” user, and a Sudo rule to escalate privileges to root.
Read moreNetwork File System is a protocol that allows users to access files over a computer network much like local storage is accessed, like many other protocols, it builds on the Open Network Computing Remote Procedure Call (ONC RPC) system. If misconfigured, it could allow regular users to escalate privileges to root.
Read moreThis was an intermediate-level Linux machine that involved brute-forcing WordPress credentials to gain initial access through a malicious plugin upload and escalating privileges through a Jenkins instance with weak credentials.
Read moreThis was an intermediate Linux machine that involved exploiting a SQL injection vulnerability to gain initial access, a misconfigured Python script to escalate to the “pepper” user and the Systemctl binary with SUID privileges set to escalate to root.
Read moreThis was an intermediate Linux machine that involved exploiting the ticket reply via email functionality of osTicket to access a MatterMost web application to find SSH credentials and using Hashcat rules to crack root hashes stored in the MySQL database to escalate privileges.
Read more