App - Script App - Script

Exploit environment weaknesses, configuration mistakes and vulnerability patterns in scripts and systems.

For each of these challenges, you will be provided with connection credentials such as SSH access or a network socket. Depending on the challenge you will need to elevate your privileges or escape the sandbox by exploiting the provided environment.

Prerequisites:
 Some knowledge of the UNIX shell and of common UNIX privilege escalation techniques
 Advanced understanding of scripting languages such as Python, Perl, PHP in order to escape jails

challenges 28 Challenges

Results Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution Date
pas_valide Bash - System 1 15% 37801 5 Lu33Y 10 8 February 2012
pas_valide sudo - weak configuration 10% 25084 5 notfound404 4 6 February 2012
pas_valide Bash - System 2 9% 22592 10 Lu33Y 10 8 February 2012
pas_valide LaTeX - Input 1% 1836 10 Podalirius 2 17 March 2021
pas_valide Powershell - Command Injection 2% 3265 10 hat.time 7 19 June 2020
pas_valide Bash - unquoted expression injection 2% 3764 15 sbrk 5 26 October 2020
pas_valide Docker - I am groot 1% 912 15 Nishacid 1 24 February 2022
pas_valide Perl - Command injection 5% 11106 15 Tosh 9 11 August 2015
pas_valide Powershell - SecureString 1% 1832 15 hat.time 4 19 June 2020
pas_valide Bash - cron 4% 10334 20 g0uZ 8 6 May 2013
pas_valide LaTeX - Command execution 1% 1078 20 Podalirius 2 17 March 2021
pas_valide Python - input() 6% 14734 20 g0uZ 11 27 May 2014
pas_valide Bash - quoted expression injection 1% 731 25 sbrk 4 26 October 2020
pas_valide Bash - race condition 1% 375 25 sbrk 9 5 May 2020
pas_valide Powershell - Basic jail 1% 610 25 hat.time 10 19 June 2020
pas_valide Python - pickle 2% 4446 25 koma 10 7 September 2012
pas_valide Docker - Sys-Admin’s Docker 1% 354 30 Nishacid 2 24 February 2022
pas_valide Shared Objects hijacking 1% 528 30 das 2 5 March 2020
pas_valide SSH - Agent Hijacking 1% 1769 30 mayfly 5 7 October 2018
pas_valide Docker - Talk through me 1% 227 35 Nishacid 0 24 February 2022
pas_valide Python - format string 1% 655 35 lovasoa 1 26 March 2021
pas_valide Python - PyJail 1 3% 5787 35 sambecks 5 3 January 2015
pas_valide PHP - Jail 1% 627 40 LordRoke 10 1 March 2019
pas_valide Python - PyJail 2 2% 3389 40 zM_ 10 17 February 2015
pas_valide Python - Jail - Exec 1% 1366 50 Arod 3 23 February 2015
pas_valide Javascript - Jail 1% 384 55 waxous 3 7 December 2016
pas_valide Python - Jail - Garbage collector 1% 452 55 n0d 4 12 August 2017
pas_valide Bash - Restricted shells 1% 2328 70 Yorin 8 14 January 2017

Challenge Results Challenge Results

Pseudo Challenge Lang Date
Yato_Watch App - Script  Python - input() fr 24 September 2022 at 14:12
jojhack0 App - Script  Bash - System 1 fr 24 September 2022 at 14:08
Yato_Watch App - Script  LaTeX - Input fr 24 September 2022 at 13:58
danf987 App - Script  Docker - Sys-Admin’s Docker fr 24 September 2022 at 13:04
notHaz App - Script  Bash - System 2 fr 24 September 2022 at 12:56
notHaz App - Script  sudo - faiblesse de configuration fr 24 September 2022 at 12:48
mh4ckt3mh4ckt1c4s App - Script  Docker - Talk through me fr 24 September 2022 at 12:21
Rooulioo App - Script  Python - input() fr 24 September 2022 at 11:59
Trixtan App - Script  Bash - quoted expression injection fr 24 September 2022 at 11:35
gnathl App - Script  LaTeX - Command execution en 24 September 2022 at 10:50