App - Script App - Script

Exploit environment weaknesses, configuration mistakes and vulnerability patterns in scripts and systems.

For each of these challenges, you will be provided with connection credentials such as SSH access or a network socket. Depending on the challenge you will need to elevate your privileges or escape the sandbox by exploiting the provided environment.

Prerequisites:
 Some knowledge of the UNIX shell and of common UNIX privilege escalation techniques
 Advanced understanding of scripting languages such as Python, Perl, PHP in order to escape jails

challenges 33 Challenges

Results Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution Date
pas_valide Bash - System 1 15% 56160 5 Lu33Y 10 8 February 2012
pas_valide sudo - weak configuration 10% 37084 5 notfound404 5 6 February 2012
pas_valide Bash - System 2 9% 32596 10 Lu33Y 10 8 February 2012
pas_valide LaTeX - Input 2% 6115 10 Podalirius , Mhd_Root 5 17 March 2021
pas_valide Powershell - Command Injection 3% 8259 10 hat.time 7 19 June 2020
pas_valide AppArmor - Jail Introduction 1% 1132 15 nivram 4 10 May 2023
pas_valide Bash - unquoted expression injection 3% 8421 15 sbrk 5 26 October 2020
pas_valide Docker - I am groot 1% 3713 15 Nishacid 2 24 February 2022
pas_valide Perl - Command injection 4% 14331 15 Tosh 10 11 August 2015
pas_valide Powershell - SecureString 2% 4225 15 hat.time 4 19 June 2020
pas_valide Bash - cron 4% 13438 20 g0uZ 8 6 May 2013
pas_valide LaTeX - Command execution 1% 2755 20 Podalirius , Mhd_Root 4 17 March 2021
pas_valide Python - input() 6% 20130 20 g0uZ 11 27 May 2014
pas_valide R: Code Execution 1% 1623 20 Fey 8 25 September 2023
pas_valide Powershell - Basic jail 1% 1682 25 hat.time 10 19 June 2020
pas_valide Python - pickle 2% 5917 25 koma 10 7 September 2012
pas_valide Bash - quoted expression injection 1% 2221 30 sbrk 6 26 October 2020
pas_valide Docker - Sys-Admin’s Docker 1% 1376 30 Nishacid 3 24 February 2022
pas_valide Shared Objects hijacking 1% 1055 30 das 2 5 March 2020
pas_valide SSH - Agent Hijacking 1% 2559 30 mayfly 5 7 October 2018
pas_valide AppArmor - Jail Medium 1% 361 35 nivram 1 25 September 2023
pas_valide Bash - race condition 1% 738 35 sbrk 10 5 May 2020
pas_valide Docker - Talk through me 1% 996 35 Nishacid 2 24 February 2022
pas_valide Python - format string 1% 1541 35 lovasoa 2 26 March 2021
pas_valide Python - PyJail 1 2% 7585 35 sambecks 5 3 January 2015
pas_valide PHP - Jail 1% 944 40 LordRoke 10 1 March 2019
pas_valide Python - PyJail 2 2% 4744 40 zM_ 10 17 February 2015
pas_valide Python - Jail - Exec 1% 1965 50 Arod 3 23 February 2015
pas_valide Javascript - Jail 1% 567 55 waxous 4 7 December 2016
pas_valide Python - Jail - Garbage collector 1% 722 55 n0d 5 12 August 2017
pas_valide Bash - Restricted shells 1% 3427 60 Yorin 9 14 January 2017
pas_valide Python - Eval Is Evil 1% 261 60 Mr7F 2 28 December 2023
pas_valide Deep learning - Malicious model 1% 94 70 blackndoor 0 26 July 2024

Challenge Results Challenge Results

Pseudo Challenge Lang Date
Yasmine App - Script  Bash - System 1 fr 7 June 2026 at 04:00
yovalow App - Script  Powershell - SecureString fr 7 June 2026 at 03:28
ROoTm3=SZQHG App - Script  LaTeX - Input fr 7 June 2026 at 03:25
Numity App - Script  Perl - Command injection fr 7 June 2026 at 02:07
FreeSpeetch App - Script  Bash - cron fr 7 June 2026 at 01:37
Camélia App - Script  Bash - System 1 fr 7 June 2026 at 01:26
SyncDataScript App - Script  Bash - System 1 ru 6 June 2026 at 21:03
azergznigozegihzoeghaozdpjcp App - Script  Bash - quoted expression injection fr 6 June 2026 at 21:00
A.N.D App - Script  sudo - faiblesse de configuration fr 6 June 2026 at 20:59
azergznigozegihzoeghaozdpjcp App - Script  R: exécution de code fr 6 June 2026 at 20:56