App - Script

Exploit environment weaknesses, configuration mistakes and vulnerability patterns in scripts and systems.

For each of these challenges, you will be provided with connection credentials such as SSH access or a network socket. Depending on the challenge you will need to elevate your privileges or escape the sandbox by exploiting the provided environment.

Prerequisites:
– Some knowledge of the UNIX shell and of common UNIX privilege escalation techniques
– Advanced understanding of scripting languages such as Python, Perl, PHP in order to escape jails

33 Challenges

Results	Name	Validations	Number of points	Difficulty	Author ↓↑	Note	Solution	Date
	Bash - cron	4% 12252	20		g0uZ		8	6 May 2013
	Python - input()	6% 18163	20		g0uZ		11	27 May 2014
	Bash - System 1	15% 49044	5		Lu33Y		10	8 February 2012
	Bash - System 2	9% 28798	10		Lu33Y		10	8 February 2012
	Perl - Command injection	4% 13145	15		Tosh		9	11 August 2015
	Python - Jail - Exec	1% 1794	50		Arod		3	23 February 2015
	Python - pickle	2% 5351	25		koma		10	7 September 2012
	Python - PyJail 1	3% 6922	35		sambecks		5	3 January 2015
	sudo - weak configuration	10% 32617	5		notfound404		5	6 February 2012
	Python - PyJail 2	2% 4241	40		zM_		10	17 February 2015
	Javascript - Jail	1% 461	55		waxous		4	7 December 2016
	Deep learning - Malicious model	1% 11	70		blackndoor		0	26 July 2024
	Bash - Restricted shells	1% 2949	60		Yorin		9	14 January 2017
	Python - Jail - Garbage collector	1% 574	55		n0d		5	12 August 2017
	PHP - Jail	1% 790	40		LordRoke		10	1 March 2019
	Shared Objects hijacking	1% 823	30		das		2	5 March 2020
	SSH - Agent Hijacking	1% 2207	30		mayfly		5	7 October 2018
	Bash - quoted expression injection	1% 1566	30		sbrk		6	26 October 2020
	Bash - race condition	1% 547	35		sbrk		10	5 May 2020
	Bash - unquoted expression injection	2% 6614	15		sbrk		5	26 October 2020
	Python - Eval Is Evil	1% 85	60		Mister7F		1	28 December 2023
	AppArmor - Jail Medium	1% 137	35		nivram		1	25 September 2023
	AppArmor - Jail Introduction	1% 527	15		nivram		4	10 May 2023
	Powershell - Command Injection	2% 6163	10		hat.time		7	19 June 2020
	Powershell - Basic jail	1% 1224	25		hat.time		10	19 June 2020
	Powershell - SecureString	1% 3158	15		hat.time		4	19 June 2020
	R: Code Execution	1% 824	20		Fey		6	25 September 2023
	Docker - Talk through me	1% 669	35		Nishacid		2	24 February 2022
	Docker - Sys-Admin’s Docker	1% 994	30		Nishacid		3	24 February 2022
	Docker - I am groot	1% 2678	15		Nishacid		2	24 February 2022
	Python - format string	1% 1163	35		lovasoa		1	26 March 2021
	LaTeX - Input	2% 4358	10		Podalirius , Mhd_Root		5	17 March 2021
	LaTeX - Command execution	1% 2036	20		Podalirius , Mhd_Root		3	17 March 2021

Challenge Results

Pseudo	Challenge	Lang	Date
ShackWove	Powershell - Command Injection		7 November 2024 at 18:52
Armelin	Python - input()		7 November 2024 at 18:30
SHANTARAM	Bash - System 1		7 November 2024 at 18:23
alex	Bash - System 1		7 November 2024 at 18:15
t3s54	Bash - System 1		7 November 2024 at 18:07
MisterDam	Bash - unquoted expression injection		7 November 2024 at 17:48
nicopoth	Bash - System 1		7 November 2024 at 17:40
allan	Bash - System 1		7 November 2024 at 17:37
Amnesyx	Perl - Command injection		7 November 2024 at 17:34
Amnesyx	Bash - unquoted expression injection		7 November 2024 at 17:23