The target is compromised via Remote Code Execution (RCE) in CuteNews v2.1.2 through a vulnerable avatar upload feature. Privilege escalation is achieved by abusing SUID permissions on /usr/sbin/hping3, enabling root-level command execution.

This lab demonstrates the exploitation of a misconfigured SMB share and scheduled cron jobs to achieve remote code execution. By uploading malicious files to an open SMB share, the attacker leverages a cron job to execute them. Privilege escalation is accomplished through a misconfigured SUID binary, zsh, which provides root access.

In this lab, we exploit an authenticated remote code execution vulnerability in the Nagios XI monitoring software. The application is misconfigured to run with root privileges, allowing us to escalate immediately to root once the vulnerability is exploited.

This lab demonstrates how to exploit a remote code execution (RCE) vulnerability in a vulnerable version of sar2html. By discovering the application via the robots.txt file and leveraging the RCE, you gain an initial shell. Privilege escalation is achieved by exploiting a cronjob misconfiguration that allows overwriting a custom .sh script executed as root.

This lab challenges you to exploit an exposed FTP service to uncover a hidden SSH private key, granting initial access to the system. From there, privilege escalation is achieved by leveraging a misconfigured SUID binary, cpulimit, to execute arbitrary commands as root.

This lab involves exploiting an SQL Injection vulnerability to leak credentials for a web application, leading to a file upload vulnerability that provides initial access. Privilege escalation is achieved via user password disclosure and multiple sudo misconfigurations, ultimately granting root access through tools like pkexec or time.

In this lab, an anonymous FTP server leaks a password-protected archive containing a private SSH key. The key allows initial access to the system, which is further exploited by recovering user credentials from a MySQL history file. Privilege escalation is achieved by exploiting unrestricted sudo access for the user.

In this lab, attackers exploit weak credentials disclosed through a web application to gain SSH access to the system. Once a foothold is established, local privilege escalation is achieved by exploiting a vulnerable Linux kernel version (3.13.0-32-generic) using the overlayfs exploit.

In this lab, you will exploit a system by brute-forcing credentials for the SSH service and escalating privileges by abusing misconfigured SUID permissions on /usr/bin/gdb. The lab highlights scenarios involving password brute-forcing and leveraging SUID binaries for privilege escalation.

In this lab, the target is exploited through bypassing PHP authentication, exploiting a local file inclusion (LFI) vulnerability, and cracking weak credentials. Privilege escalation is achieved by bypassing a directory restriction and leveraging misconfigured sudo permissions to execute arbitrary scripts as root.

This lab involves exploiting a disclosed SSH private key to gain initial access to a user account. The privilege escalation phase utilizes misconfigured SUID permissions on /bin/bash, allowing the user to escalate to root privileges.

We've been hit by Ransomware again, but this time the threat actor seems to have upped their skillset. Once again a they've managed to encrypt a large set of our files. It is our policy NOT to negotiate with criminals. Please recover the files they have encrypted - we have no other option! Unfortunately our CEO is on a no-tech retreat and so can't be reached.

Forela needs your help! A whole portion of our UNIX servers have been hit with what we think is ransomware. We are refusing to pay the attackers and need you to find a way to recover the files provided.