Skip to main contentSkip to main content
Room Banner
Room Icon

Smol

Test your enumeration skills on this boot-to-root machine.

medium

60 min

19,171

User profile photo.
User profile photo.

To access material, start machines and answer questions login.

Score updated
Score updated

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.
Attacker machine
Status:Off
Lab machine
Status:Off

At the heart of Smol is a WordPress website, a common target due to its extensive plugin ecosystem. The machine showcases a publicly known vulnerable plugin, highlighting the risks of neglecting software updates and security patches. Enhancing the learning experience, Smol introduces a backdoored plugin, emphasizing the significance of meticulous code inspection before integrating third-party components.

Quick Tips: Do you know that on computers without GPU like the AttackBox, is faster than Hashcat?

Note: Please allow 4 minutes for the to fully boot up.

Answer the questions below
What is the user flag?

What is the root flag?

We use cookies to ensure you get the best user experience. For more information see our cookie policy.