This lab emphasizes different enumeration methods, particularly web enumeration, to uncover vulnerabilities. Learners will exploit CVE-2022-25018 for initial access. The lab also teaches privilege escalation techniques to gain higher-level access within the system.
Leverage a misconfigured PostgreSQL database server that is listening on all interfaces with default credentials to gain code execution in this lab. Next, exploit misconfigured SUID permissions on the /usr/bin/find binary for privilege escalation. This approach enhances your skills in identifying misconfigurations and escalating privileges effectively.
In this lab, you will exploit a Local File Inclusion (LFI) vulnerability in an outdated version of CS Cart installed on the PayDay lab. This lab enhances your skills in vulnerability detection, exploitation, and system access techniques.
You are required to leverage enumeration techniques, including web enumeration, to uncover potential vulnerabilities. The lab involves exploiting CVE-2022-26134 and abusing cronjobs to gain unauthorized access. This lab focuses on understanding and exploiting vulnerabilities to enhance security awareness.
The lab will leverage enumeration techniques, including web enumeration, to uncover potential vulnerabilities. You will also exploit CVE-2021-3129 and demonstrate how to abuse SUDO permissions for unauthorized access. This lab focuses on understanding and exploiting vulnerabilities to enhance security awareness.
In this lab, we will exploit the target through an authenticated file upload bypass vulnerability in Subrion CMS that leads to remote code execution. We will then exploit a root cron job via a script running exiftool every minute.
This lab demonstrates exploiting a pre-auth remote code execution vulnerability in SaltStack Master (CVE-2020-11651). Learners will leverage the SaltStack API to execute arbitrary commands, resulting in a root shell on the target. This lab highlights the risks of unpatched critical vulnerabilities in infrastructure management tools.
CozyHosting is an easy-difficulty Linux machine that features a Spring Boot application. The application has the Actuator endpoint enabled. Enumerating the endpoint leads to the discovery of a user’s session cookie, leading to authenticated access to the main dashboard. The application is vulnerable to command injection, which is leveraged to gain a reverse shell on the remote machine. Enumerating the application’s JAR file, hardcoded credentials are discovered and used to log into the local database. The database contains a hashed password, which once cracked is used to log into the machine as the user josh. The user is allowed to run ssh as root, which is leveraged to fully escalate privileges.
Editor is an easy Linux box.
Photobomb is an easy Linux machine where plaintext credentials are used to access an internal web application with a Download functionality that is vulnerable to a blind command injection. Once a foothold as the machine’s main user is established, a poorly configured shell script that references binaries without their full paths is leveraged to obtain escalated privileges, as it can be ran with `sudo