Tag
This was an easy Linux machine that involved exploiting an SQL injection to authenticate into a web application, exploiting a remote command execution vulnerability to gain remote access and using a kernel exploit to escalate privileges to root.
Read moreThis was a fairly easy Linux machine that involved exploiting an SQL injection vulnerability and cracking a user hash found in the database in order to gain initial access and a vulnerability in the Webmin web application, through SSH tunneling, to escalate privileges to root.
Read moreThis was a really easy Linux box that involved exploiting known vulnerabilities in outdated versions of the Apache web server software and the Samba service in order to gain root access. No privilege escalation was required.
Read moreThis was an intermediate Windows machine that involved crawling a username and password from a web application to access RPC, through which a password stored in a printer’s description can be found in order to obtain remote access to the box, and exploiting a known vulnerability with the SeLoadDriverPrivilege permission to escalate privileges to SYSTEM.
Read moreThis was a fairly easy Windows machine that involved bruteforcing credentials to authenticate into the BlogEngine web application, exploiting a remote code execution vulnerability affecting it to gain remote access and an insecure service file permission vulnerability in the Splinterware System Scheduler application to escalate privileges to SYSTEM.
Read moreThis was a fairly easy Linux box that involved exploiting an arbitrary file upload vulnerability in the My Image plugin of the Nibbleblog web application in order to upload a reverse shell, and a script with sudo permissions allowed to escalate privileges to root.
Read moreThis was an easy Windows box that involved authenticating to Jenkins using common credentials, executing commands through the Groovy scripting language used in the script console to gain remote access and using token impersonation to escalate privileges to SYSTEM.
It also involved switching from a normal shell to a Meterpreter shell and migrating from a user level process to a SYSTEM level process.
Read moreThis was an easy Windows box which involved accessing an open SMB share, decrypting a Group Policy Preference password found on the share to obtain the Administrator user’s hash which is then cracked to authenticate to the machine as SYSTEM.
Read moreThis was an easy Windows box that involved gaining initial access through a remote command execution vulnerability in the Rejetto HTTP File Server web application and exploiting a unquoted service path vulnerability in the Advanced System Care 9 application to gain SYSTEM level access
Read moreThis was a very easy Linux box which involved gaining a user shell by exploiting the really common Shellshock Linux vulnerability and escalating privileges to root by exploiting Perl which could be executed using sudo.
Read more