Time is a medium-rated Linux machine created by egotisticalSW & felamos. Initial foothold is discovered by accessing a JSON beautifier and validator running on port 80. Server Side Request Forgery can be abused to perform code execution and gain user access. …
Passage is a medium-rated Linux machine created by ChefByzen. Initial foothold is gained by exploiting a vulnerable version of CuteNews PHP. User compromise is performed by finding encoded files and decrypting a SHA256 password. Movement to another user was done by simply authenticating through SSH in localhost. …
Doctor is an easy Linux box created by egotisticalSW. Initial foothold is discovered by fuzzing the ‘New Message’ form in the Doctor Secure Messaging page. A reverse shell can be spawned by performing Server Side Template Injection. Lateral movement to user ‘shaun’ is done by finding his password in a…
OpenKeyS is a medium-rated OpenBSD machine created by polarbearer & GibParadox. Initial foothold can be obtained by discovering a authentication bypass on the HTTP service. User access is gained by adding a username cookie for a discovered user, ‘jennifer’ along with the exploitation of the authentication bypass to snatch an…
Unbalanced is a hard-rated Windows machine created by polarbearer & GibParadox. Initial foothold is discovered by downloading encrypted configuration files from the RSync service running on port 873. Hostnames are found on the squid configuration file after decrypting the files with EncFS. Boolean-based SQL Injection is performed to gather user…
SneakyMailer is a medium-rated Linux machine created by sulcud. Initial foothold is discovered by performing a social engineering attack to get a user hand over his credentials for the Internet Message Access Protocol(IMAP) service. Access to the FTP server is gained after finding credentials in one of the email in…
Buff is an easy-rated windows machine created by egotisticalSW. User access is gained by exploiting a Remote Code Execution(RCE) vulnerability on Gym Management Software 1.0. Administrative privileges were obtained by exploiting a buffer overflow vulnerability on CloudMe 1.11.2.
Nmap scan only shows port 8080 (http) open.
Tabby is an easy-rated Linux machine created by egre55. Initial foothold is obtained by discovering tomcat credentials with the help of Local File Inclusion. Access as tomcat is granted after deploying a WAR file which contains a reverse shell payload to the tomcat manager text interface. …
Fuse is a medium-rated windows machine created by egre55. Initial foothold is gained by discovering an expired password that can be changed in order to get access to SMB shares and RPCClient. A user shell is obtained by enumerating the printer in RPCClient and determine a password used by one…
Admirer is an easy-rated linux machine created by polarbearer and GibParadox. Initial foothold focuses on discovering ftp credentials on the web server that leads to discovery of files. User access is gained after finding credentials by exploiting a vulnerability in adminer database. …
