A medium rated Linux box that involves exploiting a Server-Side Template Injection (SSTI) vulnerability to get a reverse shell as a low level user. Further privilege escalation requires finding a weak password in a database table, which leads the attacker to another user. Root user is obtained by exploiting a vulnerability in qpdf.

An easy rated Linux machine that demonstrates the Shellshock vulnerability. Once the vulnerability is exploited, the attacker is able to escalate privileges through the perl binary.

An easy rated Windows machine that demonstrates the critical vulnerability in Windows SMBv1, also known as MS17-010 or ‘EternalBlue’.

An easy rated linux machine that is found to be running a vulnerable version of Chamilo that allows the attacker to perform an unathenticated remote file upload. The attacker uses this to obtain a reverse shell onto the machine. Privilege escalation is obtained from exploiting a custom bash script found in /opt.

A medium rated Linux machine that has the attacker exploit an authenticated RCE CVE to obtain user shell. Pivoting from there, the user will need to scan for other wireless networks and obtain a PSK using a Pixie Dust attack. After generating a WPA passphrase and connecting to the wireless network, the attacker is able to connect via SSH.