Uses enum4linux for Samba user enumeration and Hydra for brute-forcing SSH credentials. Exploits readable SSH private key with ssh2john to crack its passphrase, then leverages misconfigured sudo permissions for privilege escalation.
Exploits MagnusBilling CMS via CVE-2023-30258 to achieve initial access and PHP reverse shell. Leverages Fail2ban misconfiguration for privilege escalation to gain root access through manipulating ban actions.
Employs Hydra for brute-forcing admin credentials on a web portal, then uses ssh2john to crack an encrypted RSA private key. Achieves privilege escalation by exploiting sudo permissions on the cat command to read restricted files.
Bypasses command filtering on a web panel using backslash character escapes to upload and execute a PHP reverse shell. Extracts MySQL credentials from PHP files, pivots through multiple user accounts, and finally escapes Docker container restrictions for root access.
Exploits anonymous FTP access to retrieve a password list, then uses Hydra to brute-force SSH credentials. Achieves privilege escalation by leveraging sudo permissions on the tar command to execute arbitrary commands as root.
Demonstrates various hash cracking techniques using both online tools like Crackstation and local utilities including hashcat and John the Ripper. Covers identification and cracking of MD5, SHA1, SHA256, SHA512, and bcrypt hash formats.
Compromise a Joomla CMS 3.7.0 website by exploiting an SQLi vulnerability, crack a bcrypt password hash, and perform privilege escalation through a yum binary with sudo permissions to achieve root access.
Exploit a PHP web application vulnerabilities including Local File Inclusion (LFI), log poisoning for code execution, and container escape techniques to achieve root access on the underlying host system.
Exploits a vulnerable Fuel CMS installation using a remote code execution vulnerability (CVE-2018-16763) to gain a reverse shell. Discovers hardcoded database credentials in configuration files, which are reused as the root password for the system.
Exploits a simple Local File Inclusion (LFI) vulnerability in a web application’s article parameter to read sensitive system files. Leverages directory traversal via ../../../../ syntax to access /etc/passwd for user enumeration and read both user and root flag files directly.
Penetrate a company’s infrastructure through WordPress exploitation, crack password hashes, pivot through a phpMyAdmin instance, and escalate privileges using Jenkins to obtain root access on multiple systems.
Exploits a vulnerable SweetRice CMS installation by accessing exposed MySQL database backups containing admin credentials. Bypasses upload restrictions to gain initial access through a PHP reverse shell, then escalates privileges by leveraging a sudo permission on a Perl script.
In this medium-difficulty challenge, exploit a WordPress site through brute-forcing with Hydra, utilizing file disclosure vulnerabilities to obtain password hashes, and leverage a SUID binary for privilege escalation to root access.
Exploits a client-side authentication bypass by manually setting a cookie to access restricted admin area. Cracks an SSH private key using ssh2john and achieves privilege escalation through a vulnerable cron job that relies on a host file which can be manipulated.
Discovers credentials through HTML source code comments and robots.txt file to access a command panel. Exploits unrestricted command execution on the web server and leverages NOPASSWD sudo privileges for full system access.
Leverages writable FTP directory to upload and execute a PHP reverse shell. Gains user access through password extraction from a pcap file. Achieves root by exploiting a scheduled script with writable dependencies.
Exploits Apache Tomcat Ghostcat vulnerability (CVE-2020-1938) in AJP to gain initial access. Uses gpg2john to crack PGP keys and exploits sudo permission on zip utility for privilege escalation.