Doctor
An easy Linux box from HackTheBox, get initial access via SSTI, then escalate privileges by finding a password in logfiles and using it to login to Splunk and upload a malicious app.
Beep
An easy Linux box from HackTheBox, get initial access by a webshell uploaded as mail, and run by LFI, then get root by abusing sudo privileges on nmap.
Nineveh
A medium Linux box from HackTheBox, get initial access by abusing an RFI, then escalate by exploiting chkrootkit to execute a script as root and send us a reverse shell.
Poison
A medium OpenBSD box from HackTheBox, get initial access by using a log poisoning attack and then escalate priviliges by exposing a local VNC listener running as root.
Grandpa
An easy Windows box from HackTheBox, get initial access via RCE from a vulnerable version of IIS, then escalate privileges with a kernel exploit.