- Author Description
- Service Enumeration
- Web Application Investigation
- Non privileged shell
- Local Enumeration
- Privilege Escalation
The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games is to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways than one to successfully complete the challenges.
OpenSSH 4.7p1 Debian 8ubuntu1.3 (protocol 2.0)
Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch)
Web Application Investigation
Enumeration of the website showed it was likely vulnerable to SQL injection; entering id=' rendered the following MySQL error:
SQLMap was used to successfully dump the databases and crack the hashes:
Non privileged shell
Due to password reuse, both accounts were able to log in over SSH; dreg had a limited shell.
Local enumeration of loneferret's home directory disclosed:
sudo ht rendered a file explorer; the user loneferret was added to the sudoers group, making privilege escalation trivial.
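The root cause of the escalation above is a sudo rule that runs an interactive editor as root. The following added example (not part of the original write-up) audits a sudoers policy for such grants; the sample policy, its user names and paths, and the list of interactive programs are constructed for illustration.

```python
import posixpath
import re

# Programs that open or write arbitrary files (or spawn a shell) on request.
# Illustrative list chosen for this example, not exhaustive.
INTERACTIVE = {"ht", "vi", "vim", "nano", "emacs", "ed", "less", "more", "mc"}

RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?P<spec>.+)$")

# Constructed sample policy; users, hosts and paths are made up.
SAMPLE = r"""
# /etc/sudoers (constructed)
Defaults env_reset
root    ALL=(ALL) ALL
webdev  ALL = NOPASSWD: !/bin/su, /usr/bin/ht
backup  ALL=(root) /usr/bin/rsync, \
        /usr/bin/less /var/log/syslog
%admin  ALL=(ALL) ALL
"""

def risky_sudo_grants(sudoers_text):
    """Return (who, command, reason) for grants that amount to full root."""
    text = re.sub(r"\\\n\s*", " ", sudoers_text)      # join continuation lines
    findings = []
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()          # drop trailing comments
        if not line or line.startswith("#"):
            continue
        first = line.split()[0]
        if first.startswith("Defaults") or first.endswith("_Alias"):
            continue                                  # aliases are not expanded here
        m = RULE.match(line)
        if not m or m["who"] == "root":
            continue
        spec = re.sub(r"\([^)]*\)", "", m["spec"])    # strip (runas) lists
        spec = re.sub(r"\b[A-Z_]+:\s*", "", spec)     # strip tags like NOPASSWD:
        for cmd in (c.strip() for c in spec.split(",")):
            if not cmd or cmd.startswith("!"):
                continue                              # deny entries grant nothing
            if cmd == "ALL":
                findings.append((m["who"], cmd, "unrestricted"))
            elif posixpath.basename(cmd.split()[0]) in INTERACTIVE:
                findings.append((m["who"], cmd, "interactive program as root"))
    return findings

if __name__ == "__main__":
    for who, cmd, reason in risky_sudo_grants(SAMPLE):
        print(f"{who}: {cmd} -> {reason}")
```

Flagged editor rules are better replaced with sudoedit on named files, which edits a copy as the invoking user instead of running the editor as root.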