-
Shocker
Shocker, while fairly simple overall, demonstrates the severity of the renowned Shellshock exploit, which affected millions of public-facing servers. Walkthrough: Reconnaissance. We will start by scanning protocols on the target machine; this can be divided into 3 phases: Scan for open ports. Scan for services on these open ports. Scan...
-
Validation
Validation is an easy difficulty Linux machine that involves exploiting an SQL Injection vulnerability present in a website. By leveraging this vulnerability, we can upload a webshell and gain access as www-data. To escalate privileges to root, we discover credentials within a config file, allowing us to log in as...
-
Busqueda
Busqueda is an Easy Difficulty Linux machine that involves exploiting a command injection vulnerability present in a Python module. By leveraging this vulnerability, we gain user-level access to the machine. To escalate privileges to root, we discover credentials within a Git config file, allowing us to log into a local...