Kenobi
An easy Linux box from TryHackMe, get initial access by exploiting ftpd, and use an SUID binary that doesn’t use full paths to get root.
Return
An easy Windows box from HackTheBox, using an SSRF to capture a password, then modifying a service path to get SYSTEM.
Return
An easy Windows box from HackTheBox, using an SSRF to capture a password, then modifying a service path to get SYSTEM.
Return
An easy Windows box from HackTheBox, using an SSRF to capture a password, then modifying a service path to get SYSTEM.
Optimum
An easy Windows box from HackTheBox, running a CVE POC to get initial access, and then another POC to get SYSTEM.