Skynet is a fun Terminator themed linux box to practice enumeration on. Getting an intial foothold involves exploiting a straightforward remote file inclusion bug, but we’ll go through a fair amount of enumerating multiple services before finding the way in. After that we’ll use the tar command’s ability to execute arbitrary commands to escalate our privileges and grab the root flag.

RootMe is an easy Linux box where we’ll exploit the ability to upload an arbitrary file to get remote code execution. It’s a good box for practicing how to approach a file upload vulnerability when the developer has put some basic defenses in place that must be circumvented in order to achieve RCE.

Mr Robot is an easy linux box based on the TV series that hosts a WordPress site. We’ll start with some enumeration to find a wordlist that helps us brute force our way into the WP admin panel. Once we have our shell we find a password hash we can crack to access their account and get the 2nd flag.

Glitch is a vulnerable NodeJS application with a backdoor in its API which we’ll use to establish an initial foothold. The post-exploitation portion of this box was a lot of fun! We’ll see how to exfiltrate a user’s Firefox profile and run it locally to access their saved logins. After that, escalating to root is more straightforward.

Kiba is a quick and fun challenge where we’ll attack a vulnerability in a popular open source data visualization application called Kibana to get remote code execution and gain shell access on the host.