Solidstate
An easy Linux box from HackTheBox, use an RCE combined with POP3 email compromise to get initial access, and exploit a misconfigured cron python script running as root to escalate privileges.
Jarvis
A medium Linux box from HackTheBox, exploit a SQLi to get admin creds to phpmyadmin to upload a webshell and get initial access, then exploit command injection in a script with sudo privileges to elevate to a user and use a SUID enabled systemctl from there to get root.
Jarvis
A medium Linux box from HackTheBox, exploit a SQLi to get admin creds to phpmyadmin to upload a webshell and get initial access, then exploit command injection in a script with sudo privileges to elevate to a user and use a SUID enabled systemctl from there to get root.
Jarvis
A medium Linux box from HackTheBox, exploit a SQLi to get admin creds to phpmyadmin to upload a webshell and get initial access, then exploit command injection in a script with sudo privileges to elevate to a user and use a SUID enabled systemctl from there to get root.
SwagShop
An easy Linux box from HackTheBox, use a chain of two CVEs on Magento to get initial access, then abuse sudo privileges on vi to get root.