Utilizes steganography with binwalk and steghide to extract hidden data from images. Employs zip2john to crack password-protected archives and Base64 decoding for credentials. Achieves privilege escalation by exploiting CVE-2019-14287 sudo vulnerability.
Uses enum4linux for Samba user enumeration and Hydra for brute-forcing SSH credentials. Exploits readable SSH private key with ssh2john to crack its passphrase, then leverages misconfigured sudo permissions for privilege escalation.
Employs Hydra for brute-forcing admin credentials on a web portal, then uses ssh2john to crack an encrypted RSA private key. Achieves privilege escalation by exploiting sudo permissions on the cat command to read restricted files.
Bypasses command filtering on a web panel using backslash character escapes to upload and execute a PHP reverse shell. Extracts MySQL credentials from PHP files, pivots through multiple user accounts, and finally escapes Docker container restrictions for root access.
Exploits anonymous FTP access to retrieve a password list, then uses Hydra to brute-force SSH credentials. Achieves privilege escalation by leveraging sudo permissions on the tar command to execute arbitrary commands as root.
Exploit a PHP web application vulnerabilities including Local File Inclusion (LFI), log poisoning for code execution, and container escape techniques to achieve root access on the underlying host system.
Exploits a data breach by utilizing leaked MD5 password hashes found through OSINT. Employs POP3 password reuse to gain initial access, and escalates privileges by modifying a world-writable Python script in the crontab to execute a reverse shell as root.
Exploits a vulnerable Fuel CMS installation using a remote code execution vulnerability (CVE-2018-16763) to gain a reverse shell. Discovers hardcoded database credentials in configuration files, which are reused as the root password for the system.
Exploits a vulnerable SweetRice CMS installation by accessing exposed MySQL database backups containing admin credentials. Bypasses upload restrictions to gain initial access through a PHP reverse shell, then escalates privileges by leveraging a sudo permission on a Perl script.
In this medium-difficulty challenge, exploit a WordPress site through brute-forcing with Hydra, utilizing file disclosure vulnerabilities to obtain password hashes, and leverage a SUID binary for privilege escalation to root access.
Exploits a client-side authentication bypass by manually setting a cookie to access restricted admin area. Cracks an SSH private key using ssh2john and achieves privilege escalation through a vulnerable cron job that relies on a host file which can be manipulated.
Leverages writable FTP directory to upload and execute a PHP reverse shell. Gains user access through password extraction from a pcap file. Achieves root by exploiting a scheduled script with writable dependencies.
Exploits Apache Tomcat Ghostcat vulnerability (CVE-2020-1938) in AJP to gain initial access. Uses gpg2john to crack PGP keys and exploits sudo permission on zip utility for privilege escalation.