Tag
This was an easy Windows machine that involved exploiting a Kerberoastable service account to gain initial access and using a base64-encoded password stored in an unattended installation file to escalate privileges to Administrator.
Read moreThis was an intermediate Windows machine that involved enumerating an active directory domain, using ASREPRoasting to obtain initial access, and performing a DCSync attack to escalate privileges to Administrator-level access.
Read moreThis was a Windows machine that required to enumerate a WordPress instance to identify user credentials and remotely authenticate via RDP and exploit the Windows COM Vulnerability to escalate privileges to SYSTEM.
Read moreThis was an easy Linux machine that involved exploiting a backup disclosure issue in SweetRice CMS to gain remote execution and a misconfigured script with root permissions to escalate privileges to root.
Read moreThis was an intermediate Windows machine that involved exploiting a stack buffer overflow vulnerability to gain initial access and dumping and decrypting Mozilla Firefox credentials stored on the box to escalate privileges to system.
Read moreThis was an intermediate Linux machine that involved exploiting a stack buffer overflow vulnerability to gain SYSTEM level access to the box.
Read moreThis was an easy Linux machine that involved exploiting a vulnerable file upload functionality to gain initial access and Python with the SetUID bit assigned to it to escalate privileges to root.
Read moreThis was an easy Linux box that involved exploiting a blind SQL injection vulnerability in CMS Made Simple to obtain initial access and the Vim text editor allowed to run as root to escalate privileges to root.
Read moreAs the name suggests, this was a really simple challenge that involved accessing an open SMB share to identify usernames, performing a SSH brute-force attack to obtain access, and cracking the passphrase for a world-readable SSH key to escalate privileges.
Read moreThis mini CTF was part of the web fundamentals room and it aims to allow students to practice their web skills with GET/POST requests and cookies.
Read more