Proving Grounds Boxes
Extract data via steganography to gain a foothold. Exploit a SUID binary in order to gain root.
Exploit a web application to either gain SSH credentials or perform an injection attack to gain a foothold. Then exploit a binary to gain root.
This box involves bruteforce attacks to gain access to SSH, followed by exploiting a misconfigured SUID binary.
Crack a zip folder to gain credentials. Exploit a vulnerable version of software to gain a foothold and use the Dirty COW exploit to gain root.
Exploit a CGI script which is vulnerable to the Shellshock exploit. Use Dirty COW to gain root.
Exploit the bookstore application using an unauthenticated RCE or by using SQL injection and then uploading a shell. Once you have a foothold, exploit some misconfigured sudo permissions to gain root.
Exploit a file upload vulnerability and abuse sudo permissions to escalate privileges.
Enumerate an FTP service to find access to the box and hunt for credentials in order to get Root.
Bruteforce a WordPress installation and upload a file for a reverse shell to get a foothold. Take advantage of misconfigured permissions on a script to gain root access.
Use authentication bypass chained with a Local File Inclusion vulnerability to get a foothold on the box. Abuse sudo permissions on a binary to get root.
Access a Samba share for credential hunting. Once signed into the web application, use a file upload vulnerability to get a foothold. Exploit a SUID binary for root.
Exploit an outdated WordPress plugin to gain initial access. Then escalate privileges to root by using weak credentials and a misconfigured sudo setting.
Access an exposed FTP service to steal an SSH key. Once initial access is gained, exploit a misconfigured SUID binary to get root.
Exploit a vulnerable IRC service and use default credentials to gain root access.
Crack a leaked /etc/shadow file to gain a foothold on the machine. Then exploit a vulnerable version of software to gain root.
Bruteforce a MySQL database and decrypt some Fernet-encrypted credentials. Exploit sudo misconfigurations to gain root.
Exploit a vulnerable version of Drupal web application. Escalate privileges to root by abusing an SUID binary.
Bruteforce a WordPress installation with a custom wordlist to gain a foothold via SSH. Abuse sudo privileges to get root access.
Bruteforce a web login page to gain access to a code execution tool and then tamper with the request to get a reverse shell. Hunt for credentials in files and abuse sudo permissions to get root access.
Enumerate SMB and discover hidden credentials using a strange encoding, then get a foothold via a webshell. Abuse capabilities on a binary to get root.
Abuse a vulnerable version of Nagios over HTTP to get access as root straight away.
Enumerate the web application to discover and exploit a local file inclusion vulnerability. After getting a foothold, write to the /etc/passwd file.
Create a custom wordlist and bruteforce SSH service for a foothold. Use a kernel exploit to gain root.
Find a username and password from enumeration on the web application and exploit a vulnerable kernel version to get root.
Exploit/tamper with the ping command on the web application to get a reverse shell, then take advantage of a misconfigured SUID binary to get root.
Bruteforce a WordPress installation and exploit a plugin called ADRotate. Take advantage of a kernel exploit to get root.
Identify an LFI vulnerability in the lang parameter and use an exposed FTP service to write a reverse shell to the application. Abuse the PATH environment variable to hijack a SUID binary to gain root access.
Discover some leaked credentials via enumeration on the web application, then gain root access by exploiting Docker group privileges.
Exploit a vulnerable web application which is running the ping utility to get Remote Code Execution. Take advantage of a misconfigured SUID binary to get root.
Exploit a vulnerable parameter to get LFI and RCE. Take advantage of a SUID binary to overwrite the /etc/passwd file and get root.
Bruteforce credentials and exploit a vulnerable WordPress plugin to gain root. Then exploit a misconfigured sudo permission to move laterally on the box, then again to get root.