This lab emphasizes different enumeration methods, particularly web enumeration, to uncover vulnerabilities. Learners will exploit CVE-2022-25018 for initial access. The lab also teaches privilege escalation techniques to gain higher-level access within the system.
Leverage a misconfigured PostgreSQL database server that is listening on all interfaces with default credentials to gain code execution in this lab. Next, exploit misconfigured SUID permissions on the /usr/bin/find binary for privilege escalation. This approach enhances your skills in identifying misconfigurations and escalating privileges effectively.
In this lab, you will exploit a Local File Inclusion (LFI) vulnerability in an outdated version of CS Cart installed on the PayDay lab. This lab enhances your skills in vulnerability detection, exploitation, and system access techniques.