Busqueda is an easy Linux machine involving command injection in a Python module for initial access. Privilege escalation is achieved by abusing a root-executable system checkup script with a relative path vulnerability, discovered via Gitea creds and repo analysis.
Blurry is a medium-difficulty Linux machine exploiting recent ClearML CVEs (CVE-2024-24590 to CVE-2024-24595) for RCE via its web, API, and file services. Privilege escalation involves crafting a malicious PyTorch model to bypass insecure deserialization checks using runpy.
BoardLight is an easy Linux machine exploiting Dolibarr CVE-2023-30253 to gain www-data, then SSH access via plaintext creds. Privilege escalation is achieved through a vulnerable SUID Enlightenment binary (CVE-2022-37706) for root access.
Editorial is an easy Linux machine using an SSRF vulnerability to access an internal API and retrieve SSH credentials. Further Git enumeration reveals more creds, with root access gained via CVE-2022-24439 and misconfigured sudo permissions.
MagicGardens is an insane Linux box starting with SSRF and XSS in a QR code to access the Django admin panel and gain SSH. Lateral movement involves reversing a traffic analyzer, with root achieved by exploiting insecure deserialization in Docker and escaping via a custom kernel module.
Intuition is a hard Linux machine that starts with a CSRF attack and Python urllib CVE-2023-24329 to access server files and source code. Foothold leads to FTP access via LFI, with root gained by reversing a custom binary and exploiting Ansible CVE-2023-5115 for path traversal.