Posts matching "writeup"

  • Blue

    An easy rated Windows machine that demonstrates the critical vulnerability in Windows SMBv1, also known as MS17-010 or 'EternalBlue'.

  • Boardlight

    An easy rated Linux box that emphasizes and develops enumeration skills, both externally and internally. Foothold is obtained through an authenticated RCE that exploits improper input sanitization. Further enumeration reveals a plaintext password that is reused by another user, allowing escalation of privileges. Finally, root access is obtained through a zero-day exploit found in the Enlightenment Window Manager.

  • iClean

    A medium rated Linux box that involves exploiting a Server-Side Template Injection (SSTI) vulnerability to get a reverse shell as a low level user. Further privilege escalation requires finding a weak password in a database table, which leads the attacker to another user. Root user is obtained by exploiting a vulnerability in qpdf.

  • Perfection

    An easy rated Linux box that involves exploiting a Server-Side Template Injection (SSTI) vulnerability to get a reverse shell and then cracking a hash to get root.

  • PermX

    An easy rated Linux machine that is found to be running a vulnerable version of Chamilo that allows the attacker to perform an unauthenticated remote file upload. The attacker uses this to obtain a reverse shell onto the machine. Privilege escalation is obtained by exploiting a custom bash script found in /opt.

  • Shocker

    An easy rated Linux machine that demonstrates the Shellshock vulnerability. Once the vulnerability is exploited, the attacker is able to escalate privileges through the perl binary.

  • WifineticTwo

    A medium rated Linux machine that has the attacker exploit an authenticated RCE CVE to obtain a user shell. Pivoting from there, the user will need to scan for other wireless networks and obtain a PSK using a Pixie Dust attack. After generating a WPA passphrase and connecting to the wireless network, the attacker is able to connect via SSH.