App - Script
Exploit environment weaknesses, configuration mistakes and vulnerability patterns in shell scripting and system hardening.
For each of these challenges, you will be provided with connection credentials such as SSH access or a network socket. Depending on the challenge you will need to elevate your privileges or escape the sandbox by exploiting the provided environment.
Prerequisites:
Some knowledge of the UNIX shell and of common UNIX privilege escalation techniques
Advanced understanding of scripting languages such as Python, Perl, PHP in order to escape jails
22 Challenges
Results | Name | Number of points |
Difficulty |
Author | Note |
Solution |
|
Bash - System 1 | 5 | Lu33Y | 10 | ||
|
sudo - weak configuration | 5 | notfound404 | 4 | ||
|
Bash - System 2 | 10 | Lu33Y | 10 | ||
|
Powershell - Command Injection | 10 | hat.time | 4 | ||
|
Bash - unquoted expression injection | 15 | sbrk | 4 | ||
|
Perl - Command injection | 15 | Tosh | 9 | ||
|
Powershell - SecureString | 15 | hat.time | 2 | ||
|
Bash - cron | 20 | g0uZ | 8 | ||
|
Python - input() | 20 | g0uZ | 11 | ||
|
Bash - quoted expression injection | 25 | sbrk | 0 | ||
|
Bash - race condition | 25 | sbrk | 6 | ||
|
Powershell - Basic jail | 25 | hat.time | 6 | ||
|
Python - pickle | 25 | koma | 9 | ||
|
Shared Objects hijacking | 30 | das | 2 | ||
|
SSH - Agent Hijacking | 30 | mayfly | 5 | ||
|
Python - PyJail 1 | 35 | sambecks | 4 | ||
|
PHP - Jail | 40 | LordRoke | 9 | ||
|
Python - PyJail 2 | 40 | zM_ | 10 | ||
|
Python - Jail - Exec | 50 | Arod | 3 | ||
|
Javascript - Jail | 55 | waxous | 2 | ||
|
Python - Jail - Garbage collector | 55 | n0d | 4 | ||
|
Bash - Restricted shells | 70 | Yorin | 6 |