Skynet
An easy Linux box from TryHackMe, follow a string of leaked data to get creds, then leverage an RFI for initial access, and use a cronjob run as root to escalate.
Kenobi
An easy Linux box from TryHackMe, get initial access by exploiting ftpd, and use an SUID binary that doesn’t use full paths to get root.
Kenobi
An easy Linux box from TryHackMe, get initial access by exploiting ftpd, and use an SUID binary that doesn’t use full paths to get root.
Kenobi
An easy Linux box from TryHackMe, get initial access by exploiting ftpd, and use an SUID binary that doesn’t use full paths to get root.
Return
An easy Windows box from HackTheBox, using an SSRF to capture a password, then modifying a service path to get SYSTEM.