An easy rated linux machine that is found to be running a vulnerable version of Chamilo that allows the attacker to perform an unathenticated remote file upload. The attacker uses this to obtain a reverse shell onto the machine. Privilege escalation is obtained from exploiting a custom bash script found in /opt.

A medium rated Linux machine that has the attacker exploit an authenticated RCE CVE to obtain user shell. Pivoting from there, the user will need to scan for other wireless networks and obtain a PSK using a Pixie Dust attack. After generating a WPA passphrase and connecting to the wireless network, the attacker is able to connect via SSH.

An easy rated Linux box that involves exploiting a Server-Side Template Injection (SSTI) vulnerability to get a reverse shell and then cracking a hash to get root.