The machine was part of my workshop for Hacker Fest 2019 at Prague.
Difficulty level of this VM is very “very easy”. There are two paths for exploit it.
- There are no intentional rabbit holes.
- Through a vulnerable "[retracted]". Exploit is part of MSF.
- Through vulnerable "[retracted]".
- Can be found by "[retracted]".
- There is a "[retracted]" injection (exploit is part of MSF).
- Recovered credentials (username + hash) can be cracked by John and rockyou.txt wordlist.
- Low priv shell can be gained through MSF exploit or trying the credentials against "[retracted]".
- Priv. esc. is simply done by "[retracted]".