Trick is an Easy Linux machine built around enumeration. A misconfigured DNS zone transfer plus virtual-host fuzzing reveal hidden subdomains, an LFI on one of them leaks an SSH key, and a user in the security group abuses a writable fail2ban action directory to get root once a ban fires.
Bashed is a fairly easy machine which focuses mainly on fuzzing and locating important files. As basic access to the crontab is restricted
This lab emphasizes different enumeration methods, particularly web enumeration, to uncover vulnerabilities. Learners will exploit CVE-2022-25018 for initial access. The lab also teaches privilege escalation techniques to gain higher-level access within the system.
Leverage a misconfigured PostgreSQL database server that is listening on all interfaces with default credentials to gain code execution in this lab. Next, exploit misconfigured SUID permissions on the /usr/bin/find binary for privilege escalation. This approach enhances your skills in identifying misconfigurations and escalating privileges effectively.