- Task 1 Introduction
- Task 2 Accessing machines
- Task 3 [Severity 1] Injection
- Task 4 [Severity 1] OS Command Injection
- Task 5 [Severity 1] Command Injection Practical
- What strange text file is in the website root directory?
- How many non-root/non-service/non-daemon users are there?
- What user is this app running as?
- What is the user's shell set as?
- What version of Ubuntu is running?
- Print out the MOTD. What favorite beverage is shown?
- Task 6 [Severity 2] Broken Authentication
- Task 7 [Severity 2] Broken Authentication Practical
- What is the flag that you found in darren's account?
- Now try to do the same trick and see if you can login as arthur.
- What is the flag that you found in arthur's account?
- Task 8 [Severity 3] Sensitive Data Exposure (Introduction)
- Task 9 [Severity 3] Sensitive Data Exposure (Supporting Material 1)
- Task 10 [Severity 3] Sensitive Data Exposure (Supporting Material 2)
- Task 11 [Severity 3] Sensitive Data Exposure (Challenge)
- What is the name of the mentioned directory?
- Navigate to the directory you found in question one. What file stands out as being likely to contain sensitive data?
- Use the supporting material to access the sensitive data. What is the password hash of the admin user?
- Crack the hash.What is the admin's plaintext password?
- Login as the admin. What is the flag?