Remote was an easy Windows box that involved some research into the Umbraco CMS, and abusing access to an NFS share. Escalating privileges required enumerating services on the box and modifying settings to inject commands. I went the standard route using common tools such as Nishang and PowerSploit for PowerShell.

Logo Creator OS Difficulty Points Graph TRX Windows Hard 40 Reconnaissance Control is a Windows host with a few twists and turns added to some standard services. I used HTTP headers to bypass a required proxy and exploited a SQL injection in the backend database to get credentials. I was then able to exploit my file read and write access through MariaDB to upload a webshell and eventually secure a standard reverse shell with netcat.