All Posts

The application has remote code execution (RCE) vulnerabilities in the ReportLab library and privilege escalation via "Shared Library Hijacking".

The application has the following vulnerabilities: endpoint enumeration via FUZZ, SQL Injection, remote command execution (RCE), and privilege escalation via Linux capabilities.

This is a HackingClub championship machine where we found an IDOR that provides initial access and Privilege Escalation through XAMPP.

The Calc machine is vulnerable to code injection, unauthorized file access, and Python library hijacking for privilege escalation.

The Poisoning machine has an LFI vulnerability exploited with Log Poisoning for RCE execution, followed by privilege escalation using Python with cap_setuid+ep capability for root.