App - Script App - Script

Exploit environment weaknesses, configuration mistakes and vulnerability patterns in scripts and systems.

For each of these challenges, you will be provided with connection credentials such as SSH access or a network socket. Depending on the challenge you will need to elevate your privileges or escape the sandbox by exploiting the provided environment.

Prerequisites:
 Some knowledge of the UNIX shell and of common UNIX privilege escalation techniques
 Advanced understanding of scripting languages such as Python, Perl, PHP in order to escape jails

challenges 29 Challenges

Results Name Validations Number of points   Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution Date
pas_valide Bash - System 1 15% 43092 5 Lu33Y 10 8 February 2012
pas_valide sudo - weak configuration 10% 28664 5 notfound404 5 6 February 2012
pas_valide Bash - System 2 9% 25399 10 Lu33Y 10 8 February 2012
pas_valide LaTeX - Input 2% 3124 10 Podalirius , Mhd_Root 3 17 March 2021
pas_valide Powershell - Command Injection 2% 4762 10 hat.time 7 19 June 2020
pas_valide AppArmor - Jail Introduction 1% 201 15 nivram 2 10 May 2023
pas_valide Bash - unquoted expression injection 2% 5283 15 sbrk 5 26 October 2020
pas_valide Docker - I am groot 1% 1893 15 Nishacid 2 24 February 2022
pas_valide Perl - Command injection 4% 12009 15 Tosh 9 11 August 2015
pas_valide Powershell - SecureString 1% 2516 15 hat.time 4 19 June 2020
pas_valide Bash - cron 4% 11215 20 g0uZ 8 6 May 2013
pas_valide LaTeX - Command execution 1% 1549 20 Podalirius , Mhd_Root 3 17 March 2021
pas_valide Python - input() 6% 16359 20 g0uZ 11 27 May 2014
pas_valide Python - pickle 2% 4886 25 koma 10 7 September 2012
pas_valide Powershell - Basic jail 1% 897 25 hat.time 10 19 June 2020
pas_valide Bash - quoted expression injection 1% 1131 30 sbrk 6 26 October 2020
pas_valide Docker - Sys-Admin’s Docker 1% 718 30 Nishacid 3 24 February 2022
pas_valide Shared Objects hijacking 1% 676 30 das 2 5 March 2020
pas_valide SSH - Agent Hijacking 1% 1968 30 mayfly 5 7 October 2018
pas_valide Bash - race condition 1% 461 35 sbrk 10 5 May 2020
pas_valide Docker - Talk through me 1% 468 35 Nishacid 2 24 February 2022
pas_valide Python - format string 1% 901 35 lovasoa 1 26 March 2021
pas_valide Python - PyJail 1 3% 6323 35 sambecks 5 3 January 2015
pas_valide PHP - Jail 1% 702 40 LordRoke 10 1 March 2019
pas_valide Python - PyJail 2 2% 3791 40 zM_ 10 17 February 2015
pas_valide Python - Jail - Exec 1% 1549 50 Arod 3 23 February 2015
pas_valide Javascript - Jail 1% 430 55 waxous 4 7 December 2016
pas_valide Python - Jail - Garbage collector 1% 514 55 n0d 5 12 August 2017
pas_valide Bash - Restricted shells 1% 2599 60 Yorin 9 14 January 2017

Challenge Results Challenge Results

Pseudo Challenge Lang Date
spectre667 App - Script  Python - input() ru 25 September 2023 at 11:35
spectre667 App - Script  Bash - System 1 ru 25 September 2023 at 11:05
Obrazyar App - Script  sudo - weak configuration en 25 September 2023 at 10:24
m0n0pr1x App - Script  Bash - race condition fr 25 September 2023 at 10:07
vtgsxx App - Script  sudo - weak configuration en 25 September 2023 at 09:45
Hacktimel App - Script  Python - PyJail 1 fr 25 September 2023 at 09:37
priseRJ45 App - Script  Bash - System 1 fr 25 September 2023 at 09:30
OG_Mihawk App - Script  Powershell - Command injection fr 25 September 2023 at 09:28
StormOkey App - Script  Bash - System 1 fr 25 September 2023 at 09:16
TheoYo App - Script  sudo - faiblesse de configuration fr 25 September 2023 at 08:20