Obscurity was a medium rated Linux machine that required some fuzzing to find a hidden web directory containing a python file. This file was the source code for the web server and contained a vulnerability allowing RCE which lead to a reverse shell as www-data. We had read and execute
OpenAdmin was an easy rated Linux machine with a vulnerable version of OpenNetAdmin. A publicly available exploit got us remote code execution in a limited shell - this was converted into a proper reverse shell as www-data. Reuse of a database password yielded SSH access as a user 'jimmy' where
Control was a hard rated Windows machine that was a lot of work and very frustrating during the last part but I learned a ton of things as well. A HTTP header had to be added in order to access an admin page. From there, SQLMap was used to get
Mango was a medium difficulty Linux machine in which a NoSQL injection was used to enumerate credentials for initial SSH access. A SUID java binary was then exploited to write to root's authorized_keys file which allowed SSH access as root. This was a tough one for me as I'm
Traverexec was an easy rated Linux box which was great for beginners. A vulnerability in the Nostromo http server was exploited for initial access. A weak password used to protect a backup of ssh keys was cracked to pivot to another user. Finally, the binary less was abused to gain