harder

Real pentest findings combined

medium

75 min

5,641


The machine is completely inspired by real-world pentest findings. You may find them very challenging, but there are no rabbit holes. Once you have a shell, it is very important to know which underlying distribution is used and where certain configurations are located.

Hints for the initial foothold: Look closely at every request. Re-scan all newly found web services/folders, and consider using some wordlists from SecLists (https://tools.kali.org/password-attacks/seclists). Read the source with care.

Edit: There is a second way to get root access without using any key... are you able to spot the bug?

Answer the questions below
Hack the machine and obtain the user Flag (user.txt)

Escalate your privileges and get the root Flag (root.txt)