├── Abusing Sudo Rights.md ├── All.md ├── Bruteforce.md ├── Buffer Overflow.md ├── Capabilities.md ├── Chkrootkit.md ├── Cracking etc shadow.md ├── Crontab.md ├── Docker.md ├── Enumeration.md ├── Json.md ├── Kernel Exploit.md ├── LXD.md ├── MySQL.md ├── NFS.md ├── Path Variable.md ├── README.md ├── Redis.md ├── SUID Bit.md ├── Wildcard Injection.md ├── Writable etc passwd file.md └── Writable files or script as root.md /Abusing Sudo Rights.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by Abusing Sudo Rights (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which privilege Escalation would be done by Abusing Sudo Rights. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 |

10 | 11 | ## Sudo Cheatsheet (Files/Binaries) 12 | 13 | This is a List of CTF Challenges in which privilege Escalation would be done by Abusing Sudo Rights sorted based on the File or Binary that will be used to Escalate Privileges. 14 | |No.|Machine Name|Files/Binaries| 15 | |-------|--------------|----------------| 16 | |1.|[Ted:1](https://www.hackingarticles.in/ted1-vulnhub-walkthrough/)|apt-get| 17 | |2.|[KFIOFan : 1](https://www.hackingarticles.in/kfiofan1-vulnhub-walkthrough/)|awk| 18 | |3.|[21 LTR: Scene1](https://www.hackingarticles.in/hack-the-21ltr-scene-1-vm-boot-to-root/)|cat| 19 | |4.|[Skytower](https://www.hackingarticles.in/hack-the-skytower-ctf-chAllenge/)|cat| 20 | |5.|[Matrix : 1](https://www.hackingarticles.in/matrix-1-vulnhub-walkthrough/)|cp| 21 | |6.|[Sputnik 1](https://www.hackingarticles.in/sputnik-1-vulnhub-walkthrough/)|ed| 22 | |7.|[Sunset](https://www.hackingarticles.in/sunset-vulnhub-walkthrough/)|ed| 23 | |8.|[DC-2](https://www.hackingarticles.in/dc-2-walkthrough/)|git| 24 | |9.|[Kioptrix : Level 1.2](https://www.hackingarticles.in/hack-the-kioptrix-level-1-2-boot2root-chAllenge/)|ht| 25 | |10.|[Matrix-3](https://www.hackingarticles.in/matrix-3-vulnhub-walkthrough/)|manual| 26 | |11.|[symfonos : 2](https://www.hackingarticles.in/symfonos2-vulnhub-walkthrough/)|MySQL| 27 | |12.|[Development](https://www.hackingarticles.in/development-vulnhub-walkthrough/)|nano| 28 | |13.|[SP ike](https://www.hackingarticles.in/sp-ike-vulnhub-lab-walkthrough/)|nmap| 29 | |14.|[DC6](https://www.hackingarticles.in/dc6-lab-walkthrough/)|nmap| 30 | |15.|[Dina](https://www.hackingarticles.in/hack-dina-vm-ctf-chAllenge/)|perl| 31 | |16.|[Wakanda : 1](https://www.hackingarticles.in/hack-the-wakanda-1-ctf-chAllenge/)|pip| 32 | |17.|[Violator](https://www.hackingarticles.in/hack-the-violator-ctf-chAllenge/)|proftpd| 33 | |18.|[Broken: Gallery](https://www.hackingarticles.in/broken-gAllery-vulnhub-walkthrough/)|reboot/timedatectl| 34 | |19.|[DE-ICE:S1.120](https://www.hackingarticles.in/hack-the-de-ice-s1-120-vm-boot-to-root/)|script| 35 | |20.|[Fristileaks](https://www.hackingarticles.in/hack-fristileaks-vm-ctf-chAllenge/)|script| 36 | |21.|[DerpNStink](https://www.hackingarticles.in/hack-the-derpnstink-vm-ctf-chAllenge/)|script| 37 | |22.|[Digitalworld.local : JOY](https://www.hackingarticles.in/digitalworld-local-joy-vulnhub-walkthrough/)|script| 38 | |23.|[PumpkinFestival](https://www.hackingarticles.in/mission-pumpkin-v1-0-pumpkinfestival-vulnhub-walkthrough/)|script| 39 | |24.|[The Ether: Evil Science](https://www.hackingarticles.in/hack-ether-evilscience-vm-ctf-chAllenge/)|script| 40 | |25.|[HA:Rudra](https://www.hackingarticles.in/ha-rudra-vulnhub-walkthrough/)|script| 41 | |26.|[djinn:1](https://www.hackingarticles.in/djinn1-vulnhub-walkthrough/)|script| 42 | |27.|[UA: Literally Vulnerable](https://www.hackingarticles.in/ua-literally-vulnerable-vulnhub-walkthrough/)|script| 43 | |28.|[PumpkinRaising](https://www.hackingarticles.in/pumpkinraising-vulnhub-walkthrough/)|strace| 44 | |29.|[Unknowndevice64 : 1](https://www.hackingarticles.in/unknowndevice64-1-vulnhub-lab-walkthrough/)|strace| 45 | |30.|[Holynix: v1](https://www.hackingarticles.in/hack-the-holynix-v1-boot-2-root-chAllenge/)|tar| 46 | |31.|[Breach 2.1](https://www.hackingarticles.in/hack-breach-2-1-vm-ctf-chAllenge/)|tcpdump| 47 | |32.|[Temple of Doom](https://www.hackingarticles.in/hack-the-temple-of-doom-ctf-chAllenge/)|tcpdump| 48 | |33.|[Web Developer : 1](https://www.hackingarticles.in/web-developer-1-vulnhub-lab-walkthrough/)|tcpdump| 49 | |34.|[DC-4](https://www.hackingarticles.in/dc-4-vulnhub-walkthrough/)|teehee| 50 | |35.|[Serial: 1](https://www.hackingarticles.in/serial-1-vulnhub-walkthrough/)|vim| 51 | |36.|[Zico 2](https://www.hackingarticles.in/hack-zico2-vm-ctf-chAllenge/)|zip| 52 | |37.|[HA: Dhanush](https://www.hackingarticles.in/ha-dhanush-vulnhub-walkthrough/)|zip| 53 | |38.|[Sunset: Nightfall](https://www.hackingarticles.in/sunset-nightfall-vulnhub-walkthrough/)|cat| 54 | |39.|[HA: Infinity Stones](https://www.hackingarticles.in/ha-infinity-stones-vulnhub-walkthrough/)|ftp| 55 | |40.|[Sunset-Sunrise](https://www.hackingarticles.in/sunset-sunrise-vulnhub-walkthrough/)|wine| 56 | |41.|[Me and My Girlfreind:1](https://www.hackingarticles.in/me-and-my-girlfreind1-vulnhub-walkthrough/)|php| 57 | -------------------------------------------------------------------------------- /All.md: -------------------------------------------------------------------------------- 1 | # Lab Designed for all types of Privilege Escalation (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which the complete lab is designed for Privilege Escalation. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | | No | Machine Name | 10 | |----|---------------------------------------------------------------------------------------------------------| 11 | |1. |[Lin.Security](https://www.hackingarticles.in/hack-the-lin-security-vm-boot-to-root/)| 12 | |2. |[Escalate_Linux](https://www.hackingarticles.in/escalate_linux-vulnhub-walkthrough-part-1/)| 13 | |3. |[Jigsaw:1](https://www.hackingarticles.in/jigsaw1-vulnhub-walkthrough/)| 14 | -------------------------------------------------------------------------------- /Bruteforce.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by Bruteforce (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which Privilege Escalation would be done by Bruteforce. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | | No | Machine Name | 10 | |----|---------------------------------------------------------------------------------------------------------| 11 | |1. |[Rickdiculouslyeasy](https://www.hackingarticles.in/hack-rickdiculouslyeasy-vm-ctf-challenge/)| 12 | |2. |[RootThis : 1](https://www.hackingarticles.in/vulnhub-rootthis-1-walkthrough/)| 13 | |3. |[LAMPSecurity: CTF 8](https://www.hackingarticles.in/hack-the-lampsecurity-ctf8-ctf-challenge-2/)| 14 | |4. |[Cyberry:1](https://hackingarticles.in/hack-vm-cyberry-1boot2root-challenge/)| 15 | |5. |[Born2root](https://www.hackingarticles.in/hack-born2root-vm-ctf-challenge/) | 16 | -------------------------------------------------------------------------------- /Buffer Overflow.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by Buffer Overflow (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which privilege Escalation would be done by Buffer Overflow. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | | No | Machine Name | 10 | |----|---------------------------------------------------------------------------------------------------------| 11 | |1. |[Tr0ll 2](https://www.hackingarticles.in/hack-the-tr0ll-2-boot2root-challenge/)| 12 | |2. |[IMF](https://www.hackingarticles.in/hack-imf-vm-ctf-challenge/)| 13 | |3. |[BSides London 2017](https://www.hackingarticles.in/hack-the-bsides-london-vm-2017boot2root/)| 14 | |4. |[PinkyPalace](https://www.hackingarticles.in/hack-the-pinkypalace-vm-ctf-challenge/)| 15 | |5. |[ROP Primer](https://www.hackingarticles.in/hack-the-rop-primer-1-0-1-ctf-challenge/)| 16 | |6. |[CTF KFIOFAN:2](https://www.hackingarticles.in/ctf-kfiofan-2-vulnhub-walkthorugh/)| 17 | |7. |[Kioptrix : Level 1](https://www.hackingarticles.in/hack-the-kioptrix-level-1/)| 18 | |8. |[Silky-CTF: 0x02](https://www.hackingarticles.in/silky-ctf-0x02-vulhub-walkthrough/)| 19 | -------------------------------------------------------------------------------- /Capabilities.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by Capabilities (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which privilege Escalation would be done by Capabilities. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | | No | Machine Name | 10 | |----|---------------------------------------------------------------------------------------------------------| 11 | |1. |[Kuya : 1](https://www.hackingarticles.in/vulnhub-kuya-1-walkthrough/)| 12 | |2. |[DomDom: 1](https://www.hackingarticles.in/domdom-1-vulnhub-walkthrough/)| 13 | |3. |[HA: Naruto](https://www.hackingarticles.in/ha-naruto-vulnhub-walkthrough/) 14 | -------------------------------------------------------------------------------- /Chkrootkit.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by Chkrootkit (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which Privilege Escalation would be done by Chkrootkit. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | | No | Machine Name | 10 | |----|---------------------------------------------------------------------------------------------------------| 11 | |1. |[SickOS 1.2](https://www.hackingarticles.in/hack-the-sickos-1-2-vm-ctf-challenge/)| 12 | |2. |[Sedna](https://www.hackingarticles.in/hack-sedna-vm-ctf-challenge/)| 13 | |3. |[HA: Chanakya](https://www.hackingarticles.in/ha-chanakya-vulnhub-walkthrough/)| 14 | -------------------------------------------------------------------------------- /Cracking etc shadow.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by Cracking /etc/shadow (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which Privilege Escalation would be done by Cracking /etc/shadow file. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | | No | Machine Name | 10 | |----|---------------------------------------------------------------------------------------------------------| 11 | |1. |[DE-ICE:S1.140](https://www.hackingarticles.in/hack-the-de-ice-s1-140-boot-to-root/)| 12 | |2. |[Minotaur](https://www.hackingarticles.in/hack-minotaur-vm-ctf-challenge/)| 13 | |3. |[Moonraker:1](https://www.hackingarticles.in/moonraker1-vulnhub-walkthrough/)| 14 | |4. |[Basic Penetration](https://www.hackingarticles.in/hack-the-basic-penetration-vm-boot2root-challenge/)| 15 | |5. |[W1R3S.inc](https://www.hackingarticles.in/hack-the-w1r3s-inc-vm-ctf-challenge/)| 16 | -------------------------------------------------------------------------------- /Crontab.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by Crontab (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which privilege Escalation would be done by Crontab. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | | No | Machine Name | 10 | |----|---------------------------------------------------------------------------------------------------------| 11 | |1. |[Billy Madison](https://www.hackingarticles.in/hack-billy-madison-vm-ctf-challenge/) | 12 | |2. |[BSides Vancuver: 2018](https://www.hackingarticles.in/hack-the-bsides-vancouver2018-vm-boot2root-challenge/)| 13 | |3. |[Jarbas : 1](https://www.hackingarticles.in/hack-the-jarbas-1-ctf-challenge/)| 14 | |4. |[SP:Jerome](https://www.hackingarticles.in/spjerome-vulnhub-walkthrough/)| 15 | |5. |[dpwwn: 1](https://www.hackingarticles.in/dpwwn-1-vulnhub-walkthrough/)| 16 | -------------------------------------------------------------------------------- /Docker.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by Docker (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which privilege Escalation would be done by Docker. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | | No | Machine Name | 10 | |----|---------------------------------------------------------------------------------------------------------| 11 | |1. |[Donkey Docker](https://www.hackingarticles.in/hack-donkeydocker-ctf-challenge/)| 12 | |2. |[Game of Thrones](https://www.hackingarticles.in/hack-game-thrones-vm-ctf-challenge/)| 13 | |3. |[HackinOS : 1](https://www.hackingarticles.in/hackinos1-vulnhub-lab-walkthrough/)| 14 | |4. |[HA: Chakravyuh](https://www.hackingarticles.in/ha-chakravyuh-vulnhub-walkthrough/)| 15 | |5. |[Mumbai:1](https://www.hackingarticles.in/mumbai1-vulnhub-walkthrough/)| 16 | |6. |[Sunset: dusk](https://www.hackingarticles.in/sunset-dusk-vulnhub-walkthrough/)| 17 | -------------------------------------------------------------------------------- /Enumeration.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by Enumeration (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which privilege Escalation would be done by Enumeration. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | | No. | Machine Name | 10 | |-----|-----------------------------------------------------------------------------------------------------------------------| 11 | | 1. | [The Library:1](https://hackingarticles.in/the-library1-vulnhub-walkthrough/) | 12 | | 2. | [The Library:2](https://www.hackingarticles.in/the-library2-vulnhub-walkthrough/) | 13 | | 3. | [LAMPSecurity: CTF 4](https://www.hackingarticles.in/hack-the-lampsecurity-ctf4-ctf-challenge/) | 14 | | 4. | [LAMPSecurity: CTF 7](https://www.hackingarticles.in/hack-the-lampsecurity-ctf-7-ctf-challenge/) | 15 | | 5. | [Xerxes: 1](https://www.hackingarticles.in/xerxes-1-vulnhub-walkthrough/) | 16 | | 6. | [pWnOS -2.0](https://www.hackingarticles.in/hack-the-pwnos-2-0-boot-2-root-challenge/) | 17 | | 7. | [DE-ICE:S1.130](https://www.hackingarticles.in/hack-the-de-ice-s1-130-boot2root-challenge/) | | 8. | [SickOS 1.1](https://www.hackingarticles.in/hack-sickos-1-1-vm-ctf-challenge/) | 18 | | 9. | [Tommyboy](https://www.hackingarticles.in/hack-tommyboy-vm-ctf-challenge/) | 19 | | 10. | [VulnOS: 1](https://www.hackingarticles.in/hack-the-vulnos-1-ctf-challenge/) | 20 | | 11. | [Spyder Sec](https://www.hackingarticles.in/hack-spydersec-vm-ctf-challenge/) | 21 | | 12. | [Acid](https://www.hackingarticles.in/hack-acid-vm-ctf-challenge/) | 22 | | 13. | [Necromancer](https://www.hackingarticles.in/hack-necromancer-vm-ctf-challenge/) | 23 | | 14. | [Freshly](https://www.hackingarticles.in/hack-freshly-vm-ctf-challenge/) | 24 | | 15. | [Fortress](https://www.hackingarticles.in/hack-fortress-vm-ctf-challenge/) | 25 | | 16. | [Billu : B0x](https://www.hackingarticles.in/hack-billu-b0x-vm-boot2root-challenge/) | 26 | | 17. | [Defence Space](https://www.hackingarticles.in/hack-the-defense-space-vm-ctf-challengehack-defense-vm-ctf-challenge/) | 27 | | 18. | [Moria 1.1](https://www.hackingarticles.in/hack-moria-1-1-ctf-challenge/) | 28 | | 19. | [Analougepond](https://www.hackingarticles.in/hack-analougepond-vm-ctf-challenge/) | 29 | | 20. | [Lazysysadmin](https://www.hackingarticles.in/hack-lazysysadmin-vm-ctf-challenge/) | 30 | | 21. | [Bulldog](https://www.hackingarticles.in/hack-bulldog-vm-boot2root-challenge/) | 31 | | 22. | [BTRSys 1](https://www.hackingarticles.in/hack-btrsys1-vm-boot2root-challenge/) | 32 | | 23. | [G0rmint](https://www.hackingarticles.in/hack-g0rmint-vm-ctf-challenge/) | 33 | | 24. | [Blacklight : 1](https://www.hackingarticles.in/hack-the-blacklight-1-ctf-challenge/) | 34 | | 25. | [The blackmarket](https://www.hackingarticles.in/hack-the-blackmarket-vm-ctf-chAllenge/) | 35 | | 26. | [Matrix 2](https://www.hackingarticles.in/matrix-2-vulnhub-lab-walkthrough/) | 36 | | 27. | [Basic Pentesting : 2](https://www.hackingarticles.in/hack-the-basic-pentesting2-vm-ctf-chAllenge/) | 37 | | 28. | [Depth](https://www.hackingarticles.in/hack-depth-vm-ctf-challenge/)| 38 | | 29. | [Bob: 1.0.1](https://www.hackingarticles.in/hack-the-bob-1-0-1-vm-ctf-challenge/)| 39 | | 30. | [W34kn3ss 1](https://www.hackingarticles.in/w34kn3ss-1-vulnhub-lab-walkthrough/)| 40 | | 31. | [Replay: 1](https://www.hackingarticles.in/replay-1-vulnhub-lab-walkthrough/)| 41 | | 32. | [Born2Root: 2](https://www.hackingarticles.in/born2root-2-vulnhub-walkthrough/)| 42 | | 33. | [CLAMP 1.0.1](https://www.hackingarticles.in/clamp-1-0-1-vulnhub-walkthrough/)| 43 | | 34. | [WestWild: 1.1](https://www.hackingarticles.in/westwild-1-1-vulnhub-walkthorugh/)| 44 | | 35. | [64base](https://www.hackingarticles.in/hack-64base-vm-ctf-challenge/)| 45 | | 36. | [C0m80](https://www.hackingarticles.in/hack-c0m80-vm-boot2root-challenge/)| 46 | | 37. | [Gibson](https://www.hackingarticles.in/hack-gibson-vm-ctf-challenge/)| 47 | | 38. | [Quaoar](https://www.hackingarticles.in/hack-quaoar-vm-ctf-challenge/)| 48 | | 39. | [Hacker Fest: 2019](https://www.hackingarticles.in/hacker-fest-2019-vulnhub-walkthrough/)| 49 | | 40. | [EVM: 1](https://www.hackingarticles.in/evm-1-vulnhub-walkthrough/)| 50 | -------------------------------------------------------------------------------- /Json.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by Json (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which privilege Escalation would be done by Json. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | | No | Machine Name |Json| 10 | |----|-----------------------------------------------------------------------------------------|-------| 11 | |1. |[MinU: 1](https://www.hackingarticles.in/hack-the-minu-1-ctf-challenge/)| Json Token| 12 | |2. |[Symfonos:4](https://www.hackingarticles.in/symfonos4-vulnhub-walkthrough/)| Json Pickle| 13 | -------------------------------------------------------------------------------- /Kernel Exploit.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by Kernel Exploit (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which privilege Escalation would be done by Kernel Exploit. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | |No.| Machine Name|Kernel|Exploit| 10 | |-------|----------------------|--------------------------------------------------------|-----------------------------------------| 11 | |1.|[pWnOS -1.0](https://www.hackingarticles.in/hack-the-pwnos-1-0-boot-to-root/)|Linux Kernel 2.6.17 < 2.6.24.1| [5092](https://www.exploit-db.com/exploits/5092)| 12 | |2.|[LAMPSecurity: CTF 5](https://www.hackingarticles.in/hack-the-lampsecurity-ctf-5-ctf-challenge/)|Linux Kernel 2.4/2.6|[9479](https://www.exploit-db.com/exploits/9479)| 13 | |3.|[Kioptrix : Level 1.1](https://www.hackingarticles.in/hack-the-kioptrix-level-2-boot2root-challenge/)|CentOS 4.4/4.5 / Fedora Core 4/5/6 x86)|[9542](https://www.exploit-db.com/exploits/9542)| 14 | |4.|[Hackademic-RTB1](https://www.hackingarticles.in/hack-the-hackademic-rtb1-vm-boot-to-root/)| RDS Protocol' Local Privilege Escalation| [15285](https://www.exploit-db.com/exploits/15285)| 15 | |5.|[Hackademic-RTB2](https://www.hackingarticles.in/hack-the-hackademic-rtb2-boot2root/)|RDS Protocol' Local Privilege Escalation|[15285](https://www.exploit-db.com/exploits/15285)| 16 | |6.|[ch4inrulz : 1.0.1](https://www.hackingarticles.in/hack-the-ch4inrulz-1-0-1-ctf-challenge/)|RDS Protocol' Local Privilege Escalation|[15285](https://www.exploit-db.com/exploits/15285)| 17 | |7.|[Kioprtix: 5](https://www.hackingarticles.in/hack-the-kioptrix-5-ctf-challenge/)|FreeBSD 9.0 - Intel SYSRET Kernel Privilege Escalation|[28718](https://www.exploit-db.com/exploits/28718)| 18 | |8.|[Simple](https://www.hackingarticles.in/hack-simple-vm-ctf-challenge/)|Apport/Abrt (Ubuntu / Fedora)| [36746](https://www.exploit-db.com/exploits/36746)| 19 | |9.|[SecOS: 1](https://www.hackingarticles.in/hack-the-secos1-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 20 | |10.|[Droopy](https://www.hackingarticles.in/hack-droopy-vm-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 21 | |11.|[VulnOS: 2.0](https://www.hackingarticles.in/hack-the-vulnos-2-0-vm-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 22 | |12.|[Fartknocker](https://www.hackingarticles.in/hack-fartknocker-vm-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 23 | |13.|[Super Mario](https://www.hackingarticles.in/hack-super-mario-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 24 | |14.|[Golden Eye:1](https://www.hackingarticles.in/hack-the-golden-eye1-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 25 | |15.|[Typhoon : 1.02](https://www.hackingarticles.in/typhoon-1-02-vulnhub-walkthrough/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 26 | |16.|[GrimTheRipper:1](https://www.hackingarticles.in/grimtheripper-1-vulnhub-walkthrough/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 27 | |17.|[6days](https://www.hackingarticles.in/hack-6days-vm-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 28 | |18.|[Lord of the Root](https://www.hackingarticles.in/hack-lord-root-vm-ctf-challenge/)|Ubuntu 14.04/15.10| [39166](https://www.exploit-db.com/exploits/39166)| 29 | |19.|[Acid Reloaded](https://www.hackingarticles.in/hack-acid-reloaded-vm-ctf-challenge/)|Ubuntu 14.04/15.10|[39166](https://www.exploit-db.com/exploits/39166)| 30 | |20.|[Stapler](https://www.hackingarticles.in/hack-stapler-vm-ctf-challenge/)|Ubuntu 16.04|[39772](https://www.exploit-db.com/exploits/39772)| 31 | |21.|[Sidney](https://www.hackingarticles.in/hack-sydney-vm-ctf-challenge/)|Ubuntu 16.04|[39772](https://www.exploit-db.com/exploits/39772)| 32 | |22.|[DC-3](https://www.hackingarticles.in/dc-3-walkthrough/)|Ubuntu 16.04|[39772](https://www.exploit-db.com/exploits/39772)| 33 | |23.|[Pluck](https://www.hackingarticles.in/hack-pluck-vm-ctf-challenge/)|Dirty COW|[40616](https://www.exploit-db.com/exploits/40616)| 34 | |24.|[Lampiao : 1](https://www.hackingarticles.in/hack-the-lampiao-1-ctf-challenge/)|Dirty COW /proc/self/mem' Race Condition|[40847](https://www.exploit-db.com/exploits/40847)| 35 | |25.|[WinterMute : 1](https://www.hackingarticles.in/hack-the-wintermute-1-ctf-challenge/)|GNU Screen 4.5.0|[41154](https://www.exploit-db.com/exploits/41154)| 36 | |26.|[DC-5](https://www.hackingarticles.in/dc-5-vulnhub-walkthrough/)|GNU Screen 4.5.0|[41154](https://www.exploit-db.com/exploits/41154)| 37 | |27.|[BTRSys:dv 2.1](https://www.hackingarticles.in/hack-btrsys-v2-1-vm-boot2root-challenge/)|Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free|[41458](https://www.exploit-db.com/exploits/41458)| 38 | |28.|[Nightmare](https://www.hackingarticles.in/hack-the-box-nightmare-walkthrough/)|Ubuntu 14.04/16.04 (KASLR / SMEP)|[43418](https://www.exploit-db.com/exploits/43418)| 39 | |29.|[Trollcave](https://www.hackingarticles.in/hack-the-trollcave-vm-boot-to-root/)|Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4)|[44298](https://www.exploit-db.com/exploits/44298)| 40 | |30.|[Prime: 1](https://www.hackingarticles.in/prime-1-vulnhub-walkthrough/)|Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4)| [44298](https://www.exploit-db.com/exploits/44298)| 41 | |31.|[LAMPSecurity: CTF6](https://www.hackingarticles.in/lampsecurity-ctf6-vulnhub-walkthrough/)|Linux Kernel 2.6|[8478](https://www.exploit-db.com/exploits/8478)| 42 | -------------------------------------------------------------------------------- /LXD.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by LXD (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which privilege Escalation would be done by LXD. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | | No | Machine Name | 10 | |----|---------------------------------------------------------------------------------------------------------| 11 | |1. |[AI: Web: 2](https://www.hackingarticles.in/ai-web-2-vulnhub-walkthrough/)| 12 | |2. |[HA: Joker](https://www.hackingarticles.in/ha-joker-vulnhub-walkthrough/)| 13 | -------------------------------------------------------------------------------- /MySQL.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by MySQL (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which privilege Escalation would be done by MySQL. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | | No | Machine Name | 10 | |-----|---------------------------------------------------------------------------------------------------------| 11 | | 1. | [Kioptrix : Level 1.3](https://www.hackingarticles.in/hack-the-kioptrix-level-1-3-boot2root-challenge/) | 12 | | 2. | [Raven](https://www.hackingarticles.in/hack-the-raven-walkthrough-ctf-challenge/) | 13 | | 3. | [Raven : 2](https://www.hackingarticles.in/raven-2-vulnhub-walkthrough/) | 14 | -------------------------------------------------------------------------------- /NFS.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by NFS (Vulnhub) 2 | This is a List of CTF Challenges in which Privilege Escalation would be done by NFS. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 3 | 4 | [1.1]: http://i.imgur.com/tXSoThF.png 5 | [1]: http://www.twitter.com/rajchandel 6 | # Follow us on [![alt text][1.1]][1] 7 | 8 | | No | Machine Name | 9 | |----|---------------------------------------------------------------------------------------------------------| 10 | |1. |[Orcus](https://www.hackingarticles.in/hack-orcus-vm-ctf-challenge/)| 11 | |2. |[FourAndSix](https://www.hackingarticles.in/hack-the-fourandsix-ctf-challenge/)| 12 | -------------------------------------------------------------------------------- /Path Variable.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by Path Variable (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which privilege Escalation would be done using Path Variable. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | |No.| Path Variable | Files | 10 | |-------|-----------------|--------| 11 | |1.| [PwnLab](https://www.hackingarticles.in/penetration-testing-pwnlab-ctf-challenge/)| cat | 12 | |2.| [USV](https://www.hackingarticles.in/hack-usv-vm-ctf-challenge/) | cat | 13 | |3.| [Zeus:1](https://www.hackingarticles.in/zeus1-vulnhub-walkthrough/)| date | 14 | |4.| [The Gemini inc](https://www.hackingarticles.in/hack-the-gemini-inc-ctf-challenge/) | date | 15 | |5.| [EW-Skuzzy](https://www.hackingarticles.in/hack-ew-skuzzy-vm-ctf-challenge/)|id| 16 | |6.| [Nullbyte](https://www.hackingarticles.in/hack-nullbyte-vm-ctf-challenge/) | ps | 17 | |7.| [symfonos : 1](https://www.hackingarticles.in/symfonos1-vulnhub-walkthrough/)| curl | 18 | |8.| [Silky-CTF: 0x01](https://www.hackingarticles.in/silky-ctf-0x01-vulnhub-walkthrough/) | whoami | 19 | |9.| [Beast 2](https://www.hackingarticles.in/beast-2-vulnhub-walkthrough/) | whoami | 20 | |10.| [HA:Arsenal Avengers](https://www.hackingarticles.in/ha-avengers-arsenal-vulnhub-walkthrough/) | ifconfig | 21 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation Cheatsheet (Vulnhub) 2 | 3 | This cheatsheet is aimed at CTF players and beginners to help them understand the fundamentals of privilege escalation with examples. It is not a cheatsheet for enumeration using Linux Commands. Privilege escalation is all about proper enumeration. There are multiple ways to perform the same task. We have performed and compiled this list based on our experience. Please share this with your connections and direct queries and feedback to [Hacking Articles](https://twitter.com/hackinarticles). 4 | 5 | [1.5]: https://raw.githubusercontent.com/Ignitetechnologies/Windows-Privilege-Escalation/main/linked.png 6 | [1.6]: https://www.linkedin.com/company/hackingarticles/ 7 | [1.3]: https://raw.githubusercontent.com/Ignitetechnologies/Windows-Privilege-Escalation/main/discord.png 8 | [1.4]: https://discord.com/invite/kyKvXwK4Bk 9 | [1.1]: https://raw.githubusercontent.com/Ignitetechnologies/Windows-Privilege-Escalation/main/twitter.png 10 | [1]: http://www.twitter.com/hackinarticles 11 | # Follow us on [![alt text][1.1]][1] [![alt text][1.3]][1.4] [![alt text][1.5]][1.6] 12 | 13 | cheatsheet

14 | 15 | 16 | Table of Contents 17 | ================= 18 | 19 | * [Abusing Sudo Rights](#sudo) 20 | * [SUID Bit](#suid) 21 | * [Kernel Exploit](#kernel) 22 | * [Path Variable](#path) 23 | * [Enumeration](#enum) 24 | * [MySQL](#mysql) 25 | * [Cronjob](#cronjob) 26 | * [Wildcard Injection](#wild) 27 | * [Capabilities](#capabilities) 28 | * [Writable /etc/passwd file](#etc) 29 | * [Writable files or script](#root) 30 | * [Buffer Overflow](#buffer) 31 | * [Docker](#docker) 32 | * [Chkrootkit](#chkrootkit) 33 | * [Bruteforce](#bruteforce) 34 | * [Crack /etc/shadow](#shadow) 35 | * [NFS](#nfs) 36 | * [Json](#json) 37 | * [Redis](#redis) 38 | * [LXD](#lxd) 39 | * [All](#all) 40 | * [Exim](#exim) 41 | * [Apache2 Writable](#apache2) 42 | 43 | 44 | ## Abusing Sudo Rights [⤴](#table-of-contents) 45 | 46 | |No.|Machine Name|Files/Binaries| 47 | |-------|--------------|----------------| 48 | |1.|[Ted:1](https://www.hackingarticles.in/ted1-vulnhub-walkthrough/)|apt-get| 49 | |2.|[KFIOFan : 1](https://www.hackingarticles.in/kfiofan1-vulnhub-walkthrough/)|awk| 50 | |3.|[21 LTR: Scene1](https://www.hackingarticles.in/hack-the-21ltr-scene-1-vm-boot-to-root/)|cat| 51 | |4.|[Skytower](https://www.hackingarticles.in/hack-the-skytower-ctf-chAllenge/)|cat| 52 | |5.|[Matrix : 1](https://www.hackingarticles.in/matrix-1-vulnhub-walkthrough/)|cp| 53 | |6.|[Sputnik 1](https://www.hackingarticles.in/sputnik-1-vulnhub-walkthrough/)|ed| 54 | |7.|[Sunset](https://www.hackingarticles.in/sunset-vulnhub-walkthrough/)|ed| 55 | |8.|[DC-2](https://www.hackingarticles.in/dc-2-walkthrough/)|git| 56 | |9.|[Kioptrix : Level 1.2](https://www.hackingarticles.in/hack-the-kioptrix-level-1-2-boot2root-chAllenge/)|ht| 57 | |10.|[Matrix-3](https://www.hackingarticles.in/matrix-3-vulnhub-walkthrough/)|manual| 58 | |11.|[symfonos : 2](https://www.hackingarticles.in/symfonos2-vulnhub-walkthrough/)|MySQL| 59 | |12.|[Development](https://www.hackingarticles.in/development-vulnhub-walkthrough/)|nano| 60 | |13.|[SP ike](https://www.hackingarticles.in/sp-ike-vulnhub-lab-walkthrough/)|nmap| 61 | |14.|[DC6](https://www.hackingarticles.in/dc6-lab-walkthrough/)|nmap| 62 | |15.|[Dina](https://www.hackingarticles.in/hack-dina-vm-ctf-chAllenge/)|perl| 63 | |16.|[Wakanda : 1](https://www.hackingarticles.in/hack-the-wakanda-1-ctf-chAllenge/)|pip| 64 | |17.|[Violator](https://www.hackingarticles.in/hack-the-violator-ctf-chAllenge/)|proftpd| 65 | |18.|[Broken: Gallery](https://www.hackingarticles.in/broken-gAllery-vulnhub-walkthrough/)|reboot/timedatectl| 66 | |19.|[DE-ICE:S1.120](https://www.hackingarticles.in/hack-the-de-ice-s1-120-vm-boot-to-root/)|script| 67 | |20.|[Fristileaks](https://www.hackingarticles.in/hack-fristileaks-vm-ctf-chAllenge/)|script| 68 | |21.|[DerpNStink](https://www.hackingarticles.in/hack-the-derpnstink-vm-ctf-chAllenge/)|script| 69 | |22.|[Digitalworld.local : JOY](https://www.hackingarticles.in/digitalworld-local-joy-vulnhub-walkthrough/)|script| 70 | |23.|[PumpkinFestival](https://www.hackingarticles.in/mission-pumpkin-v1-0-pumpkinfestival-vulnhub-walkthrough/)|script| 71 | |24.|[The Ether: Evil Science](https://www.hackingarticles.in/hack-ether-evilscience-vm-ctf-chAllenge/)|script| 72 | |25.|[HA:Rudra](https://www.hackingarticles.in/ha-rudra-vulnhub-walkthrough/)|script| 73 | |26.|[djinn:1](https://www.hackingarticles.in/djinn1-vulnhub-walkthrough/)|script| 74 | |27.|[UA: Literally Vulnerable](https://www.hackingarticles.in/ua-literally-vulnerable-vulnhub-walkthrough/)|script| 75 | |28.|[PumpkinRaising](https://www.hackingarticles.in/pumpkinraising-vulnhub-walkthrough/)|strace| 76 | |29.|[Unknowndevice64 : 1](https://www.hackingarticles.in/unknowndevice64-1-vulnhub-lab-walkthrough/)|strace| 77 | |30.|[Holynix: v1](https://www.hackingarticles.in/hack-the-holynix-v1-boot-2-root-chAllenge/)|tar| 78 | |31.|[Breach 2.1](https://www.hackingarticles.in/hack-breach-2-1-vm-ctf-chAllenge/)|tcpdump| 79 | |32.|[Temple of Doom](https://www.hackingarticles.in/hack-the-temple-of-doom-ctf-chAllenge/)|tcpdump| 80 | |33.|[Web Developer : 1](https://www.hackingarticles.in/web-developer-1-vulnhub-lab-walkthrough/)|tcpdump| 81 | |34.|[DC-4](https://www.hackingarticles.in/dc-4-vulnhub-walkthrough/)|teehee| 82 | |35.|[Serial: 1](https://www.hackingarticles.in/serial-1-vulnhub-walkthrough/)|vim| 83 | |36.|[Zico 2](https://www.hackingarticles.in/hack-zico2-vm-ctf-chAllenge/)|zip| 84 | |37.|[HA: Dhanush](https://www.hackingarticles.in/ha-dhanush-vulnhub-walkthrough/)|zip| 85 | |38.|[Sunset: Nightfall](https://www.hackingarticles.in/sunset-nightfall-vulnhub-walkthrough/)|cat| 86 | |39.|[HA: Infinity Stones](https://www.hackingarticles.in/ha-infinity-stones-vulnhub-walkthrough/)|ftp| 87 | |40.|[Sunset-Sunrise](https://www.hackingarticles.in/sunset-sunrise-vulnhub-walkthrough/)|wine| 88 | |41.|[Me and My Girlfreind:1](https://www.hackingarticles.in/me-and-my-girlfreind1-vulnhub-walkthrough/)|php| 89 | |42.|[Symfonos:5](https://www.hackingarticles.in/symfonos5-vulnhub-walkthrough/)|dpkg| 90 | |43.|[Five86:2](https://www.hackingarticles.in/five86-2-vulnhub-walkthrough/)| service | 91 | |44.|[Tempus Fugit:1](https://www.hackingarticles.in/tempus-fugit-1-vulnhub-walkthrough/)|Diffrent for every user| 92 | |45.|[DevRandom CTF:1.1](https://www.hackingarticles.in/devrandom-ctf1-1-vulnhub-walkthrough/)|dpkg| 93 | |46.|[Zion: 1.1](https://www.hackingarticles.in/zion-1-1-vulnhub-walkthrough/)|cp| 94 | |47.|[Seppuku:1](https://www.hackingarticles.in/seppuku1-vulnhub-walkthrough/)|script| 95 | |48.|[GitRoot: 1](https://www.hackingarticles.in/gitroot-1-vulnhub-walkthrough/)|git| 96 | |49.|[Tre:1](https://www.hackingarticles.in/tre1-vulnhub-walkthrough/)|shutdown| 97 | |50.|[BlackRose: 1](https://www.hackingarticles.in/blackrose-1-vulnhub-walkthrough/)|script| 98 | |51.|[So Simple:1](https://www.hackingarticles.in/so-simple1-vulnhub-walkthrough/)|script| 99 | |52.|[CryptoBank:1](https://www.hackingarticles.in/cryptobank-1-vulnhub-walkthrough/)|All| 100 | |53.|[Star Wars:1](https://www.hackingarticles.in/star-wars-1-vulnhub-walkthrough/)|All| 101 | |54.|[Mercury](https://www.hackingarticles.in/mercury-vulnhub-walkthrough/)|script| 102 | |55.|[Durian:1](https://www.hackingarticles.in/durian-1-vulnhub-walkthrough/)|script| 103 | |56.|[nyx:1](https://www.hackingarticles.in/nyx-1-vulnhub-walkthrough/)|gcc| 104 | |57.|[Relevant:1](https://www.hackingarticles.in/relevant-1-vulnhub-walkthrough/)|node| 105 | |58.|[Maskcrafter:1.1](https://www.hackingarticles.in/maskcrafter-1-1-vulnhub-walkthrough/)|dpkg| 106 | |59.|[Hogwarts:Bellatrix](https://www.hackingarticles.in/hogwarts-bellatrix-vulnhub-walkthrough/)|vim| 107 | 108 | 109 | 110 | 111 | 112 | ## SUID Bit [⤴](#table-of-contents) 113 | 114 | |No.| Machine Name |SUID Bit| 115 | |-------|------------------------------|-------| 116 | |1.|[Kevgir](https://www.hackingarticles.in/hack-kevgir-vm-ctf-challenge/)|cp| 117 | |2.|[digitalworld.local - BRAVERY](https://www.hackingarticles.in/digitalworld-local-bravery-vulnhub-walkthrough/)|cp| 118 | |3.|[Happycorp : 1](https://www.hackingarticles.in/happycorp1-vulnhub-walkthrough/)|cp| 119 | |4.|[FourAndSix : 2](https://www.hackingarticles.in/fourandsix-2-vulnhub-walkthrough/)|doas| 120 | |5.|[DC-1](https://www.hackingarticles.in/dc-1-vulnhub-walkthrough/)|find| 121 | |6.|[dpwwn:2](https://www.hackingarticles.in/dpwwn2-vulnhub-walkthrough/)|find| 122 | |7.|[MinU: v2](https://www.hackingarticles.in/minu-v2-vulnhub-walkthrough/)|Micro Editor| 123 | |8.|[Toppo:1](https://www.hackingarticles.in/hack-the-toppo1-vm-ctf-challenges/)|python 2.7/mawk| 124 | |9.|[Mr. Robot](https://www.hackingarticles.in/hack-mr-robot-vm-ctf-challenge/)|nmap| 125 | |10.|[Covfefe](https://www.hackingarticles.in/hack-covfefe-vm-ctf-challenge/)|script| 126 | |11.|[/dev/random : K2](https://www.hackingarticles.in/hack-the-dev-random-k2-vm-boot2root-challenge/)|script| 127 | |12.|[hackme1](https://www.hackingarticles.in/hackme-1-vulnhub-walkthrough/)|script| 128 | |13.|[Sunset: dawn](https://www.hackingarticles.in/sunset-dawn-vulnhub-walkthrough/)|zsh| 129 | |14.|[HA: Wordy](https://www.hackingarticles.in/ha-wordy-vulnhub-walkthrough/)|cp| 130 | |15.|[bossplayersCTF 1](https://www.hackingarticles.in/bossplayersctf-1-vulnhub-walkthrough/)|find| 131 | |16.|[In Plain Sight:1](https://www.hackingarticles.in/in-plain-sight1-vulnhub-walkthrough/)|script| 132 | |17.|[Five86:1](https://www.hackingarticles.in/five861-vulnhub-walkthrough/)|script| 133 | |18.|[Geisha:1](https://www.hackingarticles.in/geisha1-vulnhub-walkthrough/)|base32| 134 | |19.|[Victim:1](https://www.hackingarticles.in/victim1-vulnhub-walkthrough/)|nohup| 135 | |20.|[eLection: 1](https://www.hackingarticles.in/election-1-vulnhub-walkthorugh/)|script| 136 | |21.|[Photographer 1](https://www.hackingarticles.in/photographer-1-vulnhub-walkthrough/)|php7.2| 137 | |22.|[DMV :1](https://www.hackingarticles.in/dmv-1-vulnhub-walkthrough/)| script| 138 | |23.|[ShellDredd #1 Hannah](https://www.hackingarticles.in/shelldredd-1-hannah-vulnhub-walkthrough/)| cpulimit| 139 | |24.|[KB-Vuln:3](https://www.hackingarticles.in/kb-vuln-3-vulnhub-walkthrough/)| systemctl| 140 | |25.|[Cybox:1](https://www.hackingarticles.in/cybox-1-vulnhub-walkthrough/)| register| 141 | 142 | 143 | ## Kernel Exploit [⤴](#table-of-contents) 144 | 145 | |No.| Machine Name|Kernel|Exploit| 146 | |-------|----------------------|--------------------------------------------------------|-----------------------------------------| 147 | |1.|[pWnOS -1.0](https://www.hackingarticles.in/hack-the-pwnos-1-0-boot-to-root/)|Linux Kernel 2.6.17 < 2.6.24.1| [5092](https://www.exploit-db.com/exploits/5092)| 148 | |2.|[LAMPSecurity: CTF 5](https://www.hackingarticles.in/hack-the-lampsecurity-ctf-5-ctf-challenge/)|Linux Kernel 2.4/2.6|[9479](https://www.exploit-db.com/exploits/9479)| 149 | |3.|[Kioptrix : Level 1.1](https://www.hackingarticles.in/hack-the-kioptrix-level-2-boot2root-challenge/)|CentOS 4.4/4.5 / Fedora Core 4/5/6 x86)|[9542](https://www.exploit-db.com/exploits/9542)| 150 | |4.|[Hackademic-RTB1](https://www.hackingarticles.in/hack-the-hackademic-rtb1-vm-boot-to-root/)| RDS Protocol' Local Privilege Escalation| [15285](https://www.exploit-db.com/exploits/15285)| 151 | |5.|[Hackademic-RTB2](https://www.hackingarticles.in/hack-the-hackademic-rtb2-boot2root/)|RDS Protocol' Local Privilege Escalation|[15285](https://www.exploit-db.com/exploits/15285)| 152 | |6.|[ch4inrulz : 1.0.1](https://www.hackingarticles.in/hack-the-ch4inrulz-1-0-1-ctf-challenge/)|RDS Protocol' Local Privilege Escalation|[15285](https://www.exploit-db.com/exploits/15285)| 153 | |7.|[Kioprtix: 5](https://www.hackingarticles.in/hack-the-kioptrix-5-ctf-challenge/)|FreeBSD 9.0 - Intel SYSRET Kernel Privilege Escalation|[28718](https://www.exploit-db.com/exploits/28718)| 154 | |8.|[Simple](https://www.hackingarticles.in/hack-simple-vm-ctf-challenge/)|Apport/Abrt (Ubuntu / Fedora)| [36746](https://www.exploit-db.com/exploits/36746)| 155 | |9.|[SecOS: 1](https://www.hackingarticles.in/hack-the-secos1-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 156 | |10.|[Droopy](https://www.hackingarticles.in/hack-droopy-vm-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 157 | |11.|[VulnOS: 2.0](https://www.hackingarticles.in/hack-the-vulnos-2-0-vm-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 158 | |12.|[Fartknocker](https://www.hackingarticles.in/hack-fartknocker-vm-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 159 | |13.|[Super Mario](https://www.hackingarticles.in/hack-super-mario-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 160 | |14.|[Golden Eye:1](https://www.hackingarticles.in/hack-the-golden-eye1-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 161 | |15.|[Typhoon : 1.02](https://www.hackingarticles.in/typhoon-1-02-vulnhub-walkthrough/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 162 | |16.|[GrimTheRipper:1](https://www.hackingarticles.in/grimtheripper-1-vulnhub-walkthrough/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 163 | |17.|[6days](https://www.hackingarticles.in/hack-6days-vm-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)| 164 | |18.|[Lord of the Root](https://www.hackingarticles.in/hack-lord-root-vm-ctf-challenge/)|Ubuntu 14.04/15.10| [39166](https://www.exploit-db.com/exploits/39166)| 165 | |19.|[Acid Reloaded](https://www.hackingarticles.in/hack-acid-reloaded-vm-ctf-challenge/)|Ubuntu 14.04/15.10|[39166](https://www.exploit-db.com/exploits/39166)| 166 | |20.|[Stapler](https://www.hackingarticles.in/hack-stapler-vm-ctf-challenge/)|Ubuntu 16.04|[39772](https://www.exploit-db.com/exploits/39772)| 167 | |21.|[Sidney](https://www.hackingarticles.in/hack-sydney-vm-ctf-challenge/)|Ubuntu 16.04|[39772](https://www.exploit-db.com/exploits/39772)| 168 | |22.|[DC-3](https://www.hackingarticles.in/dc-3-walkthrough/)|Ubuntu 16.04|[39772](https://www.exploit-db.com/exploits/39772)| 169 | |23.|[Pluck](https://www.hackingarticles.in/hack-pluck-vm-ctf-challenge/)|Dirty COW|[40616](https://www.exploit-db.com/exploits/40616)| 170 | |24.|[Lampiao : 1](https://www.hackingarticles.in/hack-the-lampiao-1-ctf-challenge/)|Dirty COW /proc/self/mem' Race Condition|[40847](https://www.exploit-db.com/exploits/40847)| 171 | |25.|[WinterMute : 1](https://www.hackingarticles.in/hack-the-wintermute-1-ctf-challenge/)|GNU Screen 4.5.0|[41154](https://www.exploit-db.com/exploits/41154)| 172 | |26.|[DC-5](https://www.hackingarticles.in/dc-5-vulnhub-walkthrough/)|GNU Screen 4.5.0|[41154](https://www.exploit-db.com/exploits/41154)| 173 | |27.|[BTRSys:dv 2.1](https://www.hackingarticles.in/hack-btrsys-v2-1-vm-boot2root-challenge/)|Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free|[41458](https://www.exploit-db.com/exploits/41458)| 174 | |28.|[Nightmare](https://www.hackingarticles.in/hack-the-box-nightmare-walkthrough/)|Ubuntu 14.04/16.04 (KASLR / SMEP)|[43418](https://www.exploit-db.com/exploits/43418)| 175 | |29.|[Trollcave](https://www.hackingarticles.in/hack-the-trollcave-vm-boot-to-root/)|Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4)|[44298](https://www.exploit-db.com/exploits/44298)| 176 | |30.|[Prime: 1](https://www.hackingarticles.in/prime-1-vulnhub-walkthrough/)|Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4)| [44298](https://www.exploit-db.com/exploits/44298)| 177 | |31.|[LAMPSecurity: CTF6](https://www.hackingarticles.in/lampsecurity-ctf6-vulnhub-walkthrough/)|Linux Kernel 2.6|[8478](https://www.exploit-db.com/exploits/8478)| 178 | |32.|[My File Server:1](https://www.hackingarticles.in/my-file-server-1-vulnhub-walkthrough/)|Dirty COW|[40616](https://www.exploit-db.com/exploits/40616)| 179 | |33.|[VulnUni 1.0.1](https://www.hackingarticles.in/vulnuni-1-0-1-vulnhub-walkthrough/)|GUnet OpenEclass E-learning platform 1.7.3|[48106](https://www.exploit-db.com/exploits/48106)| 180 | |34.|[Sumo: 1](https://www.hackingarticles.in/sumo-1-vulnhub-walkthrough/)|Dirty COW|[40839](https://www.exploit-db.com/exploits/40839)| 181 | |35.|[CyberSploit: 1](https://www.hackingarticles.in/cybersploit-1-vulnhub-walkthrough/)|Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs'|[37292](https://www.exploit-db.com/exploits/37292)| 182 | |36.|[Loly: 1](https://www.hackingarticles.in/loly-1-vulnhub-walkthrough/)|Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) |[45010](https://www.exploit-db.com/exploits/45010)| 183 | |37.|[Tomato: 1](https://www.hackingarticles.in/tomato-1-vulnhub-walkthrough/)|Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) |[45010](https://www.exploit-db.com/exploits/45010)| 184 | 185 | 186 | ## Path Variable [⤴](#table-of-contents) 187 | 188 | |No.| Path Variable | Files | 189 | |-------|-----------------|--------| 190 | |1.| [PwnLab](https://www.hackingarticles.in/penetration-testing-pwnlab-ctf-challenge/)| cat | 191 | |2.| [USV](https://www.hackingarticles.in/hack-usv-vm-ctf-challenge/) | cat | 192 | |3.| [Zeus:1](https://www.hackingarticles.in/zeus1-vulnhub-walkthrough/)| date | 193 | |4.| [The Gemini inc](https://www.hackingarticles.in/hack-the-gemini-inc-ctf-challenge/) | date | 194 | |5.| [EW-Skuzzy](https://www.hackingarticles.in/hack-ew-skuzzy-vm-ctf-challenge/)|id| 195 | |6.| [Nullbyte](https://www.hackingarticles.in/hack-nullbyte-vm-ctf-challenge/) | ps | 196 | |7.| [symfonos : 1](https://www.hackingarticles.in/symfonos1-vulnhub-walkthrough/)| curl | 197 | |8.| [Silky-CTF: 0x01](https://www.hackingarticles.in/silky-ctf-0x01-vulnhub-walkthrough/) | whoami | 198 | |9.| [Beast 2](https://www.hackingarticles.in/beast-2-vulnhub-walkthrough/) | whoami | 199 | |10.| [HA:Arsenal Avengers](https://www.hackingarticles.in/ha-avengers-arsenal-vulnhub-walkthrough/) | ifconfig | 200 | |11.| [Inclusiveness:1](https://www.hackingarticles.in/inclusiveness-1-vulnhub-walkthrough/)|whoami| 201 | |12.| [MuzzyBox:1](https://www.hackingarticles.in/muzzybox-1-vulnhub-walkthrough/)|ls| 202 | |13.| [TBBT:2](https://www.hackingarticles.in/tbbt2-vulnhub-walkthrough/)|sl| 203 | |14.| [Sunset: Midnight](https://www.hackingarticles.in/sunset-midnight-vulnhub-walkthrough/)|service| 204 | |15.| [Healthcare:1](https://www.hackingarticles.in/healthcare-1-vulnhub-walkthrough/)|fdisk| 205 | 206 | 207 | 208 | ## Enumeration [⤴](#table-of-contents) 209 | 210 | | No. | Machine Name | 211 | |-----|-----------------------------------------------------------------------------------------------------------------------| 212 | | 1. | [The Library:1](https://hackingarticles.in/the-library1-vulnhub-walkthrough/) | 213 | | 2. | [The Library:2](https://www.hackingarticles.in/the-library2-vulnhub-walkthrough/) | 214 | | 3. | [LAMPSecurity: CTF 4](https://www.hackingarticles.in/hack-the-lampsecurity-ctf4-ctf-challenge/) | 215 | | 4. | [LAMPSecurity: CTF 7](https://www.hackingarticles.in/hack-the-lampsecurity-ctf-7-ctf-challenge/) | 216 | | 5. | [Xerxes: 1](https://www.hackingarticles.in/xerxes-1-vulnhub-walkthrough/) | 217 | | 6. | [pWnOS -2.0](https://www.hackingarticles.in/hack-the-pwnos-2-0-boot-2-root-challenge/) | 218 | | 7. | [DE-ICE:S1.130](https://www.hackingarticles.in/hack-the-de-ice-s1-130-boot2root-challenge/) | | 8. | | 8. | [SickOS 1.1](https://www.hackingarticles.in/hack-sickos-1-1-vm-ctf-challenge/) | 219 | | 9. | [Tommyboy](https://www.hackingarticles.in/hack-tommyboy-vm-ctf-challenge/) | 220 | | 10. | [VulnOS: 1](https://www.hackingarticles.in/hack-the-vulnos-1-ctf-challenge/) | 221 | | 11. | [Spyder Sec](https://www.hackingarticles.in/hack-spydersec-vm-ctf-challenge/) | 222 | | 12. | [Acid](https://www.hackingarticles.in/hack-acid-vm-ctf-challenge/) | 223 | | 13. | [Necromancer](https://www.hackingarticles.in/hack-necromancer-vm-ctf-challenge/) | 224 | | 14. | [Freshly](https://www.hackingarticles.in/hack-freshly-vm-ctf-challenge/) | 225 | | 15. | [Fortress](https://www.hackingarticles.in/hack-fortress-vm-ctf-challenge/) | 226 | | 16. | [Billu : B0x](https://www.hackingarticles.in/hack-billu-b0x-vm-boot2root-challenge/) | 227 | | 17. | [Defence Space](https://www.hackingarticles.in/hack-the-defense-space-vm-ctf-challengehack-defense-vm-ctf-challenge/) | 228 | | 18. | [Moria 1.1](https://www.hackingarticles.in/hack-moria-1-1-ctf-challenge/) | 229 | | 19. | [Analougepond](https://www.hackingarticles.in/hack-analougepond-vm-ctf-challenge/) | 230 | | 20. | [Lazysysadmin](https://www.hackingarticles.in/hack-lazysysadmin-vm-ctf-challenge/) | 231 | | 21. | [Bulldog](https://www.hackingarticles.in/hack-bulldog-vm-boot2root-challenge/) | 232 | | 22. | [BTRSys 1](https://www.hackingarticles.in/hack-btrsys1-vm-boot2root-challenge/) | 233 | | 23. | [G0rmint](https://www.hackingarticles.in/hack-g0rmint-vm-ctf-challenge/) | 234 | | 24. | [Blacklight : 1](https://www.hackingarticles.in/hack-the-blacklight-1-ctf-challenge/) | 235 | | 25. | [The blackmarket](https://www.hackingarticles.in/hack-the-blackmarket-vm-ctf-chAllenge/) | 236 | | 26. | [Matrix 2](https://www.hackingarticles.in/matrix-2-vulnhub-lab-walkthrough/) | 237 | | 27. | [Basic Pentesting : 2](https://www.hackingarticles.in/hack-the-basic-pentesting2-vm-ctf-chAllenge/) | 238 | | 28. | [Depth](https://www.hackingarticles.in/hack-depth-vm-ctf-challenge/)| 239 | | 29. | [Bob: 1.0.1](https://www.hackingarticles.in/hack-the-bob-1-0-1-vm-ctf-challenge/)| 240 | | 30. | [W34kn3ss 1](https://www.hackingarticles.in/w34kn3ss-1-vulnhub-lab-walkthrough/)| 241 | | 31. | [Replay: 1](https://www.hackingarticles.in/replay-1-vulnhub-lab-walkthrough/)| 242 | | 32. | [Born2Root: 2](https://www.hackingarticles.in/born2root-2-vulnhub-walkthrough/)| 243 | | 33. | [CLAMP 1.0.1](https://www.hackingarticles.in/clamp-1-0-1-vulnhub-walkthrough/)| 244 | | 34. | [WestWild: 1.1](https://www.hackingarticles.in/westwild-1-1-vulnhub-walkthorugh/)| 245 | | 35. | [64base](https://www.hackingarticles.in/hack-64base-vm-ctf-challenge/)| 246 | | 36. | [C0m80](https://www.hackingarticles.in/hack-c0m80-vm-boot2root-challenge/)| 247 | | 37. | [Gibson](https://www.hackingarticles.in/hack-gibson-vm-ctf-challenge/)| 248 | | 38. | [Quaoar](https://www.hackingarticles.in/hack-quaoar-vm-ctf-challenge/)| 249 | | 39. | [Hacker Fest: 2019](https://www.hackingarticles.in/hacker-fest-2019-vulnhub-walkthrough/)| 250 | | 40. | [EVM: 1](https://www.hackingarticles.in/evm-1-vulnhub-walkthrough/)| 251 | | 41. | [EnuBox:Mattermost](https://www.hackingarticles.in/enubox-mattermost-vulnhub-walkthrough/)| 252 | | 42. | [2much:1](https://www.hackingarticles.in/2much-1-vulnhub-walkthrough/)| 253 | | 43. | [mhz_cxf:c1f](https://www.hackingarticles.in/mhz_cxf-c1f-vulnhub-walkthrough/)| 254 | | 44. | [HA: Pandavas](https://www.hackingarticles.in/ha-pandavas-vulnhub-walkthrough/)| 255 | | 45. | [GreenOptic:1](https://www.hackingarticles.in/greenoptic-1-vulnhub-walkthrough/)| 256 | | 46. | [Cewlkid:1](https://www.hackingarticles.in/cewlkid-1-vulnhub-walkthrough/)| 257 | | 47. | [PowerGrid:1.0.1](https://www.hackingarticles.in/powergrid-1-0-1-vulnhub-walkthrough/)| 258 | | 48. | [Insanity:1](https://www.hackingarticles.in/insanity-1-vulnhub-walkthrough/)| 259 | | 49. | [Tempus Fugit:3](https://www.hackingarticles.in/tempus-fugit-3-vulnhub-walkthrough/)| 260 | | 50. | [HA: Forensics](https://www.hackingarticles.in/ha-forensics-vulnhub-walkthrough/)| 261 | | 51. | [HA: Vedas](https://www.hackingarticles.in/ha-vedas-vulnhub-walkthrough/)| 262 | | 52. | [HA: Sherlock](https://www.hackingarticles.in/ha-sherlock-vulnhub-walkthrough/)| 263 | 264 | 265 | ## MySQL [⤴](#table-of-contents) 266 | 267 | | No | Machine Name | 268 | |-----|---------------------------------------------------------------------------------------------------------| 269 | | 1. | [Kioptrix : Level 1.3](https://www.hackingarticles.in/hack-the-kioptrix-level-1-3-boot2root-challenge/) | 270 | | 2. | [Raven](https://www.hackingarticles.in/hack-the-raven-walkthrough-ctf-challenge/) | 271 | | 3. | [Raven : 2](https://www.hackingarticles.in/raven-2-vulnhub-walkthrough/) | 272 | 273 | 274 | ## Cronjob [⤴](#table-of-contents) 275 | | No | Machine Name | 276 | |----|---------------------------------------------------------------------------------------------------------| 277 | |1. |[Billy Madison](https://www.hackingarticles.in/hack-billy-madison-vm-ctf-challenge/) | 278 | |2. |[BSides Vancuver: 2018](https://www.hackingarticles.in/hack-the-bsides-vancouver2018-vm-boot2root-challenge/)| 279 | |3. |[Jarbas : 1](https://www.hackingarticles.in/hack-the-jarbas-1-ctf-challenge/)| 280 | |4. |[SP:Jerome](https://www.hackingarticles.in/spjerome-vulnhub-walkthrough/)| 281 | |5. |[dpwwn: 1](https://www.hackingarticles.in/dpwwn-1-vulnhub-walkthrough/)| 282 | |6. |[Sar](https://www.hackingarticles.in/sar-vulnhub-walkthrough/)| 283 | |7. |[TBBT](https://www.hackingarticles.in/tbbt-funwithflags-vulnhub-walkthrough/)| 284 | |8. |[Glasgow Smile: 1.1](https://www.hackingarticles.in/glasgow-smile-1-1-vulnhub-walkthrough/)| 285 | |9. |[LemonSqueezy:1](https://www.hackingarticles.in/lemonsqueezy1-vulnhub-walkthrough/)| 286 | 287 | 288 | ## Wildcard Injection [⤴](#table-of-contents) 289 | | No | Machine Name | 290 | |----|---------------------------------------------------------------------------------------------------------| 291 | |1. |[Milnet](https://www.hackingarticles.in/hack-milnet-vm-ctf-challenge/)| 292 | |2. |[Pipe](https://www.hackingarticles.in/hack-pipe-vm-ctf-challenge/)| 293 | 294 | 295 | ## Capabilities [⤴](#table-of-contents) 296 | | No | Machine Name | 297 | |----|---------------------------------------------------------------------------------------------------------| 298 | |1. |[Kuya : 1](https://www.hackingarticles.in/vulnhub-kuya-1-walkthrough/)| 299 | |2. |[DomDom: 1](https://www.hackingarticles.in/domdom-1-vulnhub-walkthrough/)| 300 | |3. |[HA: Naruto](https://www.hackingarticles.in/ha-naruto-vulnhub-walkthrough/)| 301 | |4. |[Connect The Dots:1](https://www.hackingarticles.in/connect-the-dots1-vulnhub-walkthough/)| 302 | |5. |[Katana](https://www.hackingarticles.in/katana-vulnhub-walkthrough/)| 303 | |6. |[Presidential: 1](https://www.hackingarticles.in/presidential-1-vulnhub-walkthrough/)| 304 | 305 | ## Writable /etc/passwd file [⤴](#table-of-contents) 306 | | No | Machine Name | 307 | |----|---------------------------------------------------------------------------------------------------------| 308 | |1. |[Hackday Albania](https://www.hackingarticles.in/hack-hackday-albania-vm-ctf-challenge/)| 309 | |2. |[Billu Box 2](https://www.hackingarticles.in/hack-billu-b0x-vm-boot2root-challenge/)| 310 | |3. |[Bulldog 2](https://www.hackingarticles.in/hack-the-bulldog2-ctf-challenge/)| 311 | |4. |[AI: Web: 1](https://www.hackingarticles.in/ai-web-1-vulnhub-walkthrough/)| 312 | |5. |[Westwild: 2](https://www.hackingarticles.in/westwild-2-vulnhub-walkthrough/)| 313 | |6. |[Misdirection 1](https://www.hackingarticles.in/misdirection-1-vulnhub-walkthrough/)| 314 | |7. |[HA: ISRO](https://www.hackingarticles.in/ha-isro-vulnhub-walkthrough/)| 315 | |8. |[Gears of War: EP#1](https://www.hackingarticles.in/gears-of-war-ep1-vulnhub-walkthrough/)| 316 | |9. |[DC:9](https://www.hackingarticles.in/dc-9-vulnhub-walkthrough/)| 317 | |10. |[Sahu](https://www.hackingarticles.in/sahu-vulnhub-walkthrough/)| 318 | |11. |[Sunset: Twilight](https://www.hackingarticles.in/sunset-twilight-vulnhub-walkthrough/)| 319 | |12. |[Chili:1](https://www.hackingarticles.in/chili-1-vulnhub-walkthrough/)| 320 | 321 | 322 | ## Writable files or script [⤴](#table-of-contents) 323 | | No | Machine Name | 324 | |----|---------------------------------------------------------------------------------------------------------| 325 | |1. |[Skydog](https://www.hackingarticles.in/hack-skydog-vm-ctf-challenge/)| 326 | |2. |[Breach 1.0](https://www.hackingarticles.in/hack-breach-1-0-vm-ctf-challenges/)| 327 | |3. |[Bot Challenge: Dexter](https://www.hackingarticles.in/hack-bot-challenge-dexter-boot2root-challenge/)| 328 | |4. |[Fowsniff : 1](https://www.hackingarticles.in/fowsniff-1-vulnhub-walkthrough/)| 329 | |5. |[Mercy](https://www.hackingarticles.in/mercy-vulnhub-walkthrough/)| 330 | |6. |[Casino Royale](https://www.hackingarticles.in/casino-royale-1-vulnhub-walkthrough/)| 331 | |7. |[SP eric](https://www.hackingarticles.in/sp-eric-vulnhub-lab-walkthrough/)| 332 | |8. |[PumpkinGarden](https://www.hackingarticles.in/pumpkingarden-vulnhub-walkthrough/)| 333 | |9. |[Tr0ll: 3](https://www.hackingarticles.in/tr0ll-3-vulnhub-walkthrough/)| 334 | |10. |[Nezuko:1](https://www.hackingarticles.in/nezuko-1-vulnhub-walkthrough/)| 335 | |11. |[Symfonos:3](https://www.hackingarticles.in/symfonos3-vulnhub-walkthrough/)| 336 | |12. |[Tr0ll 1](https://www.hackingarticles.in/hack-the-troll-1-vm-boot-to-root/)| 337 | |13. |[DC:7](https://www.hackingarticles.in/dc7-vulnhub-walkthrough/)| 338 | |14. |[View2aKill](https://www.hackingarticles.in/view2akill-vulnhub-walkthrough/)| 339 | |15. |[CengBox:1](https://www.hackingarticles.in/cengbox-1-vulnhub-walkthrough/)| 340 | |16. |[Broken 2020: 1](https://www.hackingarticles.in/broken-2020-1-vulnhub-walkthrough/)| 341 | |17. |[CengBox:2](https://www.hackingarticles.in/cengbox-2-vulnhub-walkthrough/)| 342 | |18. |[HA:Narak](https://www.hackingarticles.in/ha-narak-vulnhub-walkthrough/)| 343 | 344 | 345 | ## Buffer Overflow [⤴](#table-of-contents) 346 | | No | Machine Name | 347 | |----|---------------------------------------------------------------------------------------------------------| 348 | |1. |[Tr0ll 2](https://www.hackingarticles.in/hack-the-tr0ll-2-boot2root-challenge/)| 349 | |2. |[IMF](https://www.hackingarticles.in/hack-imf-vm-ctf-challenge/)| 350 | |3. |[BSides London 2017](https://www.hackingarticles.in/hack-the-bsides-london-vm-2017boot2root/)| 351 | |4. |[PinkyPalace](https://www.hackingarticles.in/hack-the-pinkypalace-vm-ctf-challenge/)| 352 | |5. |[ROP Primer](https://www.hackingarticles.in/hack-the-rop-primer-1-0-1-ctf-challenge/)| 353 | |6. |[CTF KFIOFAN:2](https://www.hackingarticles.in/ctf-kfiofan-2-vulnhub-walkthorugh/)| 354 | |7. |[Kioptrix : Level 1](https://www.hackingarticles.in/hack-the-kioptrix-level-1/)| 355 | |8. |[Silky-CTF: 0x02](https://www.hackingarticles.in/silky-ctf-0x02-vulhub-walkthrough/)| 356 | 357 | 358 | 359 | ## Docker [⤴](#table-of-contents) 360 | | No | Machine Name | 361 | |----|---------------------------------------------------------------------------------------------------------| 362 | |1. |[Donkey Docker](https://www.hackingarticles.in/hack-donkeydocker-ctf-challenge/)| 363 | |2. |[Game of Thrones](https://www.hackingarticles.in/hack-game-thrones-vm-ctf-challenge/)| 364 | |3. |[HackinOS:1](https://www.hackingarticles.in/hackinos1-vulnhub-lab-walkthrough/)| 365 | |4. |[HA: Chakravyuh](https://www.hackingarticles.in/ha-chakravyuh-vulnhub-walkthrough/)| 366 | |5. |[Mumbai:1](https://www.hackingarticles.in/mumbai1-vulnhub-walkthrough/)| 367 | |6. |[Sunset:dusk](https://www.hackingarticles.in/sunset-dusk-vulnhub-walkthrough/)| 368 | |7. |[Pwned:1](https://www.hackingarticles.in/pwned-1-vulnhub-walkthorugh/)| 369 | 370 | 371 | ## Chkrootkit [⤴](#table-of-contents) 372 | | No | Machine Name | 373 | |----|---------------------------------------------------------------------------------------------------------| 374 | |1. |[SickOS 1.2](https://www.hackingarticles.in/hack-the-sickos-1-2-vm-ctf-challenge/)| 375 | |2. |[Sedna](https://www.hackingarticles.in/hack-sedna-vm-ctf-challenge/)| 376 | |3. |[HA: Chanakya](https://www.hackingarticles.in/ha-chanakya-vulnhub-walkthrough/)| 377 | |4. |[Sunset: decoy](https://www.hackingarticles.in/sunset-decoy-vulnhub-walkthrough/)| 378 | 379 | 380 | ## Bruteforce [⤴](#table-of-contents) 381 | | No | Machine Name | 382 | |----|---------------------------------------------------------------------------------------------------------| 383 | |1. |[Rickdiculouslyeasy](https://www.hackingarticles.in/hack-rickdiculouslyeasy-vm-ctf-challenge/)| 384 | |2. |[RootThis : 1](https://www.hackingarticles.in/vulnhub-rootthis-1-walkthrough/)| 385 | |3. |[LAMPSecurity: CTF 8](https://www.hackingarticles.in/hack-the-lampsecurity-ctf8-ctf-challenge-2/)| 386 | |4. |[Cyberry:1](https://hackingarticles.in/hack-vm-cyberry-1boot2root-challenge/)| 387 | |5. |[Born2root](https://www.hackingarticles.in/hack-born2root-vm-ctf-challenge/) | 388 | 389 | 390 | ## Crack /etc/shadow [⤴](#table-of-contents) 391 | | No | Machine Name | 392 | |----|---------------------------------------------------------------------------------------------------------| 393 | |1. |[DE-ICE:S1.140](https://www.hackingarticles.in/hack-the-de-ice-s1-140-boot-to-root/)| 394 | |2. |[Minotaur](https://www.hackingarticles.in/hack-minotaur-vm-ctf-challenge/)| 395 | |3. |[Moonraker:1](https://www.hackingarticles.in/moonraker1-vulnhub-walkthrough/)| 396 | |4. |[Basic Penetration](https://www.hackingarticles.in/hack-the-basic-penetration-vm-boot2root-challenge/)| 397 | |5. |[W1R3S.inc](https://www.hackingarticles.in/hack-the-w1r3s-inc-vm-ctf-challenge/)| 398 | 399 | 400 | ## NFS [⤴](#table-of-contents) 401 | | No | Machine Name | 402 | |----|---------------------------------------------------------------------------------------------------------| 403 | |1. |[Orcus](https://www.hackingarticles.in/hack-orcus-vm-ctf-challenge/)| 404 | |2. |[FourAndSix](https://www.hackingarticles.in/hack-the-fourandsix-ctf-challenge/)| 405 | 406 | 407 | ## Json [⤴](#table-of-contents) 408 | | No | Machine Name |Json| 409 | |----|-----------------------------------------------------------------------------------------|-------| 410 | |1. |[MinU: 1](https://www.hackingarticles.in/hack-the-minu-1-ctf-challenge/)| Json Token| 411 | |2. |[Symfonos:4](https://www.hackingarticles.in/symfonos4-vulnhub-walkthrough/)| Json Pickle| 412 | 413 | 414 | ## Redis [⤴](#table-of-contents) 415 | | No | Machine Name | 416 | |----|---------------------------------------------------------------------------------------------------------| 417 | |1. |[Gemini inc:2](https://www.hackingarticles.in/hack-the-gemini-inc2-ctf-challenge/)| 418 | 419 | 420 | ## LXD [⤴](#table-of-contents) 421 | | No | Machine Name | 422 | |----|---------------------------------------------------------------------------------------------------------| 423 | |1. |[AI: Web: 2](https://www.hackingarticles.in/ai-web-2-vulnhub-walkthrough/)| 424 | |2. |[HA: Joker](https://www.hackingarticles.in/ha-joker-vulnhub-walkthrough/)| 425 | |3. |[CyNix:1](https://www.hackingarticles.in/cynix1-vulnhub-walkthrough/)| 426 | 427 | 428 | 429 | ## ALL [⤴](#table-of-contents) 430 | | No | Machine Name | 431 | |----|---------------------------------------------------------------------------------------------------------| 432 | |1. |[Lin.Security](https://www.hackingarticles.in/hack-the-lin-security-vm-boot-to-root/)| 433 | |2. |[Escalate_Linux](https://www.hackingarticles.in/escalate_linux-vulnhub-walkthrough-part-1/)| 434 | |3. |[Jigsaw:1](https://www.hackingarticles.in/jigsaw1-vulnhub-walkthrough/)| 435 | 436 | 437 | ## Exim[⤴](#table-of-contents) 438 | | No | Machine Name | 439 | |----|---------------------------------------------------------------------------------------------------------| 440 | | 1. |[DC:8](https://www.hackingarticles.in/dc8-vulnhub-walkthrough/) | 441 | 442 | 443 | ## Apache2 Writable [⤴](#table-of-contents) 444 | | No | Machine Name | 445 | |----|---------------------------------------------------------------------------------------------------------| 446 | |1.|[Torment](https://www.hackingarticles.in/digitalworld-localtorment-vulnhub-walkthrough/)| 447 | |2.|[HA: Armour](https://www.hackingarticles.in/ha-armour-walkthrough/)| 448 | |3.|[HA: Natraj](https://www.hackingarticles.in/ha-natraj-vulnhub-walkthrough/) 449 | -------------------------------------------------------------------------------- /Redis.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by Redis (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which privilege Escalation would be done by Redis. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | | No | Machine Name | 10 | |----|---------------------------------------------------------------------------------------------------------| 11 | |1. |[Gemini inc:2](https://www.hackingarticles.in/hack-the-gemini-inc2-ctf-challenge/)| 12 | -------------------------------------------------------------------------------- /SUID Bit.md: -------------------------------------------------------------------------------- 1 | # Privilege Escalation by SUID Bit (Vulnhub) 2 | 3 | This is a List of CTF Challenges in which privilege Escalation would be done by SUID Bits. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 4 | 5 | [1.1]: http://i.imgur.com/tXSoThF.png 6 | [1]: http://www.twitter.com/rajchandel 7 | # Follow us on [![alt text][1.1]][1] 8 | 9 | |No.| Machine Name |SUID Bit| 10 | |-------|------------------------------|-------| 11 | |1.|[Kevgir](https://www.hackingarticles.in/hack-kevgir-vm-ctf-challenge/)|cp| 12 | |2.|[digitalworld.local - BRAVERY](https://www.hackingarticles.in/digitalworld-local-bravery-vulnhub-walkthrough/)|cp| 13 | |3.|[Happycorp : 1](https://www.hackingarticles.in/happycorp1-vulnhub-walkthrough/)|cp| 14 | |4.|[FourAndSix : 2](https://www.hackingarticles.in/fourandsix-2-vulnhub-walkthrough/)|doas| 15 | |5.|[DC-1](https://www.hackingarticles.in/dc-1-vulnhub-walkthrough/)|find| 16 | |6.|[dpwwn:2](https://www.hackingarticles.in/dpwwn2-vulnhub-walkthrough/)|find| 17 | |7.|[MinU: v2](https://www.hackingarticles.in/minu-v2-vulnhub-walkthrough/)|Micro Editor| 18 | |8.|[Toppo:1](https://www.hackingarticles.in/hack-the-toppo1-vm-ctf-challenges/)|python 2.7/mawk| 19 | |9.|[Mr. Robot](https://www.hackingarticles.in/hack-mr-robot-vm-ctf-challenge/)|nmap| 20 | |10.|[Covfefe](https://www.hackingarticles.in/hack-covfefe-vm-ctf-challenge/)|script| 21 | |11.|[/dev/random : K2](https://www.hackingarticles.in/hack-the-dev-random-k2-vm-boot2root-challenge/)|script| 22 | |12.|[hackme1](https://www.hackingarticles.in/hackme-1-vulnhub-walkthrough/)|script| 23 | |13.|[Sunset: dawn](https://www.hackingarticles.in/sunset-dawn-vulnhub-walkthrough/)|zsh| 24 | |14.|[HA: Wordy](https://www.hackingarticles.in/ha-wordy-vulnhub-walkthrough/)|cp| 25 | |15.|[bossplayersCTF 1](https://www.hackingarticles.in/bossplayersctf-1-vulnhub-walkthrough/)|find| 26 | |16.|[In Plain Sight:1](https://www.hackingarticles.in/in-plain-sight1-vulnhub-walkthrough/)|bwrap| 27 | -------------------------------------------------------------------------------- /Wildcard Injection.md: -------------------------------------------------------------------------------- 1 | ## Wildcard Injection 2 | This is a List of CTF Challenges in which privilege Escalation would be done by Wildcard Injection. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 3 | 4 | [1.1]: http://i.imgur.com/tXSoThF.png 5 | [1]: http://www.twitter.com/rajchandel 6 | # Follow us on [![alt text][1.1]][1] 7 | 8 | | No | Machine Name | 9 | |----|---------------------------------------------------------------------------------------------------------| 10 | |1. |[Milnet](https://www.hackingarticles.in/hack-milnet-vm-ctf-challenge/)| 11 | |2. |[Pipe](https://www.hackingarticles.in/hack-pipe-vm-ctf-challenge/)| 12 | -------------------------------------------------------------------------------- /Writable etc passwd file.md: -------------------------------------------------------------------------------- 1 | ## Writable etc/passwd file 2 | This is a List of CTF Challenges in which privilege Escalation would be done because the etc/passwd file is Writable. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 3 | 4 | [1.1]: http://i.imgur.com/tXSoThF.png 5 | [1]: http://www.twitter.com/rajchandel 6 | # Follow us on [![alt text][1.1]][1] 7 | 8 | | No | Machine Name | 9 | |----|---------------------------------------------------------------------------------------------------------| 10 | |1. |[Hackday Albania](https://www.hackingarticles.in/hack-hackday-albania-vm-ctf-challenge/)| 11 | |2. |[Billu Box 2](https://www.hackingarticles.in/hack-billu-b0x-vm-boot2root-challenge/)| 12 | |3. |[Bulldog 2](https://www.hackingarticles.in/hack-the-bulldog2-ctf-challenge/)| 13 | |4. |[AI: Web: 1](https://www.hackingarticles.in/ai-web-1-vulnhub-walkthrough/)| 14 | |5. |[Westwild: 2](https://www.hackingarticles.in/westwild-2-vulnhub-walkthrough/)| 15 | |6. |[Misdirection 1](https://www.hackingarticles.in/misdirection-1-vulnhub-walkthrough/)| 16 | |7. |[HA: ISRO](https://www.hackingarticles.in/ha-isro-vulnhub-walkthrough/)| 17 | |8. |[Gears of War: EP#1](https://www.hackingarticles.in/gears-of-war-ep1-vulnhub-walkthrough/)| 18 | -------------------------------------------------------------------------------- /Writable files or script as root.md: -------------------------------------------------------------------------------- 1 | ## Writable files or script as root 2 | This is a List of CTF Challenges in which privilege Escalation would be done by some writable file or script that can be executed as root. Clicking on the Lab Name, will redirect you to the writeup of that particular lab on [hackingarticles](https://www.hackingarticles.in). We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to [Pavandeep Singh](https://www.linkedin.com/in/pavan2318). 3 | 4 | [1.1]: http://i.imgur.com/tXSoThF.png 5 | [1]: http://www.twitter.com/rajchandel 6 | # Follow us on [![alt text][1.1]][1] 7 | 8 | | No | Machine Name | 9 | |----|---------------------------------------------------------------------------------------------------------| 10 | |1. |[Skydog](https://www.hackingarticles.in/hack-skydog-vm-ctf-challenge/)| 11 | |2. |[Breach 1.0](https://www.hackingarticles.in/hack-breach-1-0-vm-ctf-challenges/)| 12 | |3. |[Bot Challenge: Dexter](https://www.hackingarticles.in/hack-bot-challenge-dexter-boot2root-challenge/)| 13 | |4. |[Fowsniff : 1](https://www.hackingarticles.in/fowsniff-1-vulnhub-walkthrough/)| 14 | |5. |[Mercy](https://www.hackingarticles.in/mercy-vulnhub-walkthrough/)| 15 | |6. |[Casino Royale](https://www.hackingarticles.in/casino-royale-1-vulnhub-walkthrough/)| 16 | |7. |[SP eric](https://www.hackingarticles.in/sp-eric-vulnhub-lab-walkthrough/)| 17 | |8. |[PumpkinGarden](https://www.hackingarticles.in/pumpkingarden-vulnhub-walkthrough/)| 18 | |9. |[Tr0ll: 3](https://www.hackingarticles.in/tr0ll-3-vulnhub-walkthrough/)| 19 | |10. |[Nezuko:1](https://www.hackingarticles.in/nezuko-1-vulnhub-walkthrough/)| 20 | |11. |[Symfonos:3](https://www.hackingarticles.in/symfonos3-vulnhub-walkthrough/)| 21 | |12. |[Tr0ll 1](https://www.hackingarticles.in/hack-the-troll-1-vm-boot-to-root/)| 22 | |13. |[DC:7](https://www.hackingarticles.in/dc7-vulnhub-walkthrough/)| 23 | --------------------------------------------------------------------------------