Beep
An easy Linux box from HackTheBox, get initial access by a webshell uploaded as mail, and run by LFI, then get root by abusing sudo privileges on nmap.
Nineveh
A medium Linux box from HackTheBox, get initial access by abusing an RFI, then escalate by exploiting chkrootkit to execute a script as root and send us a reverse shell.
Nineveh
A medium Linux box from HackTheBox, get initial access by abusing an RFI, then escalate by exploiting chkrootkit to execute a script as root and send us a reverse shell.
Nineveh
A medium Linux box from HackTheBox, get initial access by abusing an RFI, then escalate by exploiting chkrootkit to execute a script as root and send us a reverse shell.
TartarSauce
A medium Linux box from HackTheBox, get initial access through a vulnerable wordpress plugin, then get privesc to a full user through tar, and then find a backup script that unzips a file as root, allowing you to privesc to root by unzipping a malicious archive with a custom root-owned SUID executable.