App - Script

Exploit environment weaknesses, configuration mistakes and vulnerability patterns in shell scripting and system hardening.

For each of these challenges, you will be provided with connection credentials such as SSH access or a network socket. Depending on the challenge you will need to elevate your privileges or escape the sandbox by exploiting the provided environment.

Prerequisites:
Some knowledge of the UNIX shell and of common UNIX privilege escalation techniques
Advanced understanding of scripting languages such as Python, Perl, PHP in order to escape jails

19 Challenges

Results	Name	Validations	Number of points	Difficulty	Author	Note	Solution
	Bash - System 1	15% 26046	5		Lu33Y		10
	sudo - weak configuration	10% 17654	5		notfound404		4
	Bash - System 2	9% 15930	10		Lu33Y		10
	Perl - Command injection	5% 8568	15		Tosh		9
	Bash - cron	5% 8097	20		g0uZ		8
	Python - input()	6% 10892	20		g0uZ		11
	Python - pickle	2% 3596	25		koma		9
	Shared Objects hijacking	1% 199	30		das		2
	SSH - Agent Hijacking	1% 1317	30		mayfly		5
	Python - PyJail 1	3% 4486	35		sambecks		3
	Bash considered harmful	1% 40	40		sbrk		2
	Bash/Awk - netstat parsing	1% 330	40		sbrk		3
	PHP - Jail	1% 388	40		LordRoke		9
	Python - PyJail 2	2% 2469	40		zM		10
	Python - Jail - Exec	1% 1024	50		Arod		2
	System Disaster	1% 36	50		sbrk		0
	Javascript - Jail	1% 258	55		waxous		2
	Python - Jail - Garbage collector	1% 318	55		n0d		4
	Bash - Restricted shells	1% 1580	70		Yorin		6

Challenge Results

Pseudo	Challenge	Lang	date
TioSan21	Bash - System 1		26 May 2020 at 04:55
SuziQ	Bash - System 2		26 May 2020 at 02:14
SuziQ	sudo - faiblesse de configuration		26 May 2020 at 02:02
nqnt	Python - Jail - Exec		26 May 2020 at 01:31
myDonut	Perl - Command injection		26 May 2020 at 01:13
myDonut	Python - pickle		26 May 2020 at 01:02
SuziQ	Bash - System 1		26 May 2020 at 00:15
GTaf	Perl - Command injection		25 May 2020 at 23:58
nqnt	Python - Jail - Garbage collector		25 May 2020 at 23:58
skyf0l	Python - input()		25 May 2020 at 23:09