This machine is of medium difficulty, I liked the intrusion much more than the escalation, for the intrusion I managed to download a .bak file that had the code of the page, seeing it I realized that I was dealing with an insecure deserialization in PHP, I serialized malicious code and uploaded it to the server, for the escalation I had to include my public key before it was copied to known_hosts.
This is an easy difficulty machine, I liked the intrusion better, for its intrusion I took advantage of a file upload field, I used a script that created the malicious template, I uploaded it, I listened with netcat and gained a Shell. For privilege escalation I used the sudo -ly command and like all users it allowed me to execute the Metasploit binary.
This is an easy difficulty machine, I liked the intrusion better, for its intrusion I took advantage of a file upload field, I used a script that created the malicious template, I uploaded it, I listened with netcat and gained a Shell. For privilege escalation I used the sudo -ly command and like all users it allowed me to execute the Metasploit binary.