
March-2025 Updates - New Exclusive Content

Written by Diablo
Updated over a month ago

We’ve introduced two new exclusive machines and four training machines to Dedicated Labs.


NEW EXCLUSIVE MACHINES

GoCow

Difficulty

Easy - Penetration Testing Level 1

Areas of Interest

Phishing, CVE

Technologies

Cowmail, Docker

Languages

Python

Skills

Enumeration, Basic Windows Knowledge, Basic Phishing Attacks

Idurar

Difficulty

Very Easy - Penetration Tester Level 1

Areas of Interest

Web Applications, CVE

Technologies

Nginx, IDURAR

Languages

NodeJS

Skills

Enumeration, Basic Linux Knowledge, Basic Knowledge of Web Application attacks


NEW TRAINING MACHINES

The retired community machines from 20th October to 20th November are detailed below.

Yummi

  • A hard box that starts with a restaurant web app served by the Caddy web server on port 80, where an attacker finds an arbitrary file read through the HTTP Location header, which is not handled and sanitized properly by the default Caddy configuration. After reading the source code, the attacker finds that the web app uses JWT RSA key pairs and forges an admin token to escalate privileges on the web app. The admin panel has an SQL injection that allows arbitrary file write, which the attacker uses to overwrite a file that runs periodically (cron job). Improper directory permissions allow the attacker to move laterally to www-data and eventually to the dev user. The dev user can execute the rsync binary as root, which helps escalate privileges to root.

Certified

  • A medium-difficulty Windows machine designed around an assumed breach scenario, where credentials for a low-privileged user are provided. To gain access to the management_svc account, ACLs (Access Control Lists) over privileged objects are enumerated, leading us to discover that judith.mader has the WriteOwner ACL over the management group, and that the management group has GenericWrite over the management_svc account, with which we can finally authenticate to the target using WinRM and obtain the user flag. Exploitation of the Active Directory Certificate Service (ADCS) is required to get access to the Administrator account by abusing shadow credentials and ESC9.

Instant

  • A medium-difficulty machine that includes reverse engineering a mobile application, exploiting API endpoints, and cracking encrypted hashes and files. Players will analyze an APK to extract sensitive information and a hardcoded authorization token, then exploit an API endpoint vulnerable to Arbitrary File Read. Finally, they will achieve full system compromise by decrypting and analyzing encrypted session data from Solar-PuTTY.

Chemistry

  • An easy-difficulty Linux machine that showcases a Remote Code Execution (RCE) vulnerability in the pymatgen Python library (CVE-2024-23346), exploited by uploading a malicious CIF file to the CIF Analyzer website hosted on the target. After discovering and cracking hashes, we authenticate to the target via SSH as the rosa user. For privilege escalation, we exploit a Path Traversal vulnerability that leads to an Arbitrary File Read in a Python library called AioHTTP (CVE-2024-23334), which is used by the web application running internally, to read the root flag.

Looking for more content, features, or a place to leave feedback?

Book your spot for a 15-minute call where we can discuss how to level up your training!
