App - Script App - Script

Exploit environment weaknesses, configuration mistakes and vulnerability patterns in scripts and systems.

For each of these challenges, you will be provided with connection credentials such as SSH access or a network socket. Depending on the challenge you will need to elevate your privileges or escape the sandbox by exploiting the provided environment.

Prerequisites:
 Some knowledge of the UNIX shell and of common UNIX privilege escalation techniques
 Advanced understanding of scripting languages such as Python, Perl, PHP in order to escape jails

challenges 32 Challenges

Results Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note   Notation Solution Date
pas_valide Perl - Command injection 4% 12682 15 Tosh 9 11 August 2015
pas_valide Bash - Restricted shells 1% 2804 60 Yorin 9 14 January 2017
pas_valide R: Code Execution 1% 611 20 Fey 6 25 September 2023
pas_valide Python - input() 6% 17431 20 g0uZ 11 27 May 2014
pas_valide Shared Objects hijacking 1% 751 30 das 2 5 March 2020
pas_valide Docker - Sys-Admin’s Docker 1% 871 30 Nishacid 3 24 February 2022
pas_valide Bash - race condition 1% 514 35 sbrk 10 5 May 2020
pas_valide Bash - unquoted expression injection 2% 6017 15 sbrk 5 26 October 2020
pas_valide sudo - weak configuration 10% 30968 5 notfound404 5 6 February 2012
pas_valide Bash - System 1 15% 46718 5 Lu33Y 10 8 February 2012
pas_valide SSH - Agent Hijacking 1% 2105 30 mayfly 5 7 October 2018
pas_valide Bash - System 2 9% 27470 10 Lu33Y 10 8 February 2012
pas_valide LaTeX - Command execution 1% 1823 20 Podalirius , Mhd_Root 3 17 March 2021
pas_valide Docker - Talk through me 1% 578 35 Nishacid 2 24 February 2022
pas_valide Docker - I am groot 1% 2308 15 Nishacid 2 24 February 2022
pas_valide Python - Jail - Exec 1% 1739 50 Arod 3 23 February 2015
pas_valide Python - format string 1% 1049 35 lovasoa 1 26 March 2021
pas_valide Python - Jail - Garbage collector 1% 548 55 n0d 5 12 August 2017
pas_valide Python - Eval Is Evil 1% 26 60 Mister7F 1 28 December 2023
pas_valide Bash - cron 4% 11838 20 g0uZ 8 6 May 2013
pas_valide Python - PyJail 2 2% 4064 40 zM_ 10 17 February 2015
pas_valide PHP - Jail 1% 756 40 LordRoke 10 1 March 2019
pas_valide Powershell - Basic jail 1% 1097 25 hat.time 10 19 June 2020
pas_valide Javascript - Jail 1% 448 55 waxous 4 7 December 2016
pas_valide Powershell - Command Injection 2% 5490 10 hat.time 7 19 June 2020
pas_valide Bash - quoted expression injection 1% 1409 30 sbrk 6 26 October 2020
pas_valide AppArmor - Jail Medium 1% 95 35 nivram 1 25 September 2023
pas_valide Powershell - SecureString 1% 2860 15 hat.time 4 19 June 2020
pas_valide Python - PyJail 1 3% 6683 35 sambecks 5 3 January 2015
pas_valide LaTeX - Input 2% 3816 10 Podalirius , Mhd_Root 5 17 March 2021
pas_valide Python - pickle 2% 5164 25 koma 10 7 September 2012
pas_valide AppArmor - Jail Introduction 1% 395 15 nivram 4 10 May 2023

Challenge Results Challenge Results

Pseudo Challenge Lang Date
el rasho macuin App - Script  Docker - I am groot fr 26 April 2024 at 19:23
Arasaka App - Script  Bash - System 2 en 26 April 2024 at 19:18
Croumi App - Script  AppArmor - Jail Introduction fr 26 April 2024 at 19:09
Zakwaska App - Script  Python - input() ru 26 April 2024 at 19:05
Zakwaska App - Script  Bash - System 2 ru 26 April 2024 at 19:03
Zakwaska App - Script  sudo - weak configuration ru 26 April 2024 at 19:02
Zakwaska App - Script  Bash - System 1 ru 26 April 2024 at 18:59
samushi App - Script  Bash - quoted expression injection en 26 April 2024 at 18:50
Lawcky App - Script  Bash - unquoted expression injection fr 26 April 2024 at 18:46
samushi App - Script  Python - format string en 26 April 2024 at 18:35