-
Nunchucks
Nunchucks is a easy machine that explores a NodeJS-based Server Side Template Injection (SSTI) leading to an AppArmor bug which disregards the binary’s AppArmor profile while executing scripts that include the shebang of the profiled application. Walkthrough Reconnaissance We will start by scanning protocolos in the target machine, this can...
-
Bank
Bank is a relatively simple machine, however proper web enumeration is key to finding the necessary data for entry. There also exists an unintended entry method, which many users find before the correct data is located. Walkthrough Reconnaissance We will start by scanning protocolos in the target machine, this can...
-
Artic
Arctic is an easy Windows machine that involves straightforward exploitation with some minor challenges. The process begins by troubleshooting the web server to identify the correct exploit. Initial access can be gained either through an unauthenticated file upload in Adobe ColdFusion. Once a shell is obtained, privilege escalation is achieved...