Tag: linux (36)

Getting Started With Kernel Exploitation

This is my first time setting up QEMU, debugging kernel with GDB, and exploiting kernel modules for privilege escalation and...

linux kernel kernel-module qemu privilege-escalation seccomp

December 9, 2025 • December 6, 2025 • Research

Research

Reproducing Nimbuspwn: Linux Privilege Escalation via Path Traversal and TOCTOU in networkd-dispatcher

A technical walkthrough of reproducing Nimbuspwn (CVE-2022-29799 and CVE-2022-29800), privilege escalation vulnerabilities in networkd-dispatcher exploiting path traversal and TOCTOU race...

path-traversal toc-tou race-condition code-review linux privilege-escalation from-day-zero-to-zero-day reproducing d-bus systemd-networkd networkd-dispatcher sink-to-source cve-2022-29799 cve-2022-29800

November 14, 2025 • November 9, 2025 • Research

Research

Reproducing CVE-2020-8831: Privilege Escalation via Symlink Attack on Apport's Lock File Implementation

CVE-2020-8831 is a vulnerability where an attacker can create a symlink at /var/lock/apport, redirecting Apport's lock file location and leading...

symlink lock-file apport cve-2020-8831 reproducing privilege-escalation linux from-day-zero-to-zero-day code-review

November 9, 2025 • November 8, 2025 • Research

HackTheBox > Labs

Footprinting Lab

linux ftp private-key-discovery

November 4, 2025 • September 23, 2025 • Easy

HackTheBox > Labs

Footprinting Lab

linux pop3 imap snmp private-key-discovery mysql

November 4, 2025 • September 23, 2025 • Hard

TryHackMe > Linux Machines

Rabbit Hole

It's easy to fall into rabbit holes.

linux sql-injection mariadb mysql information-schema-processlist xss python

November 4, 2025 • September 17, 2025 • Hard

TryHackMe > Linux Machines

TryHack3M: Subscribe

Can you help Hack3M reach 3M subscribers?

linux tryhack3m bypass-filter cookie mysql sql-injection splunk log-file forensic error-based-sql-injection

November 4, 2025 • September 7, 2025 • Medium

CheatSheets

File Transfers Cheatsheet

Các kỹ thuật truyền tải file đến và từ máy mục tiêu (Windows & Linux)

windows linux av-evasion bypass-firewall cheatsheet

November 4, 2025 • September 5, 2025 • Info

TryHackMe > Linux Machines

Year of the Pig

Some pigs do fly...

year-of-the linux dictionary-attack brute-force custom-wordlist python php reverse-shell sudo sudoedit cve-2015-5602 bypass-filter crawling

November 4, 2025 • September 3, 2025 • Hard

TryHackMe > Linux Machines

Year of the Fox

Don't underestimate the sly old fox...

year-of-the linux smb dictionary-attack bypass-filter command-injection sudo local-service tunneling decompiling binary-hijacking python

November 4, 2025 • September 2, 2025 • Hard

TryHackMe > Linux Machines

Year of the Rabbit

Time to enter the warren...

linux year-of-the ftp image-file sudo exim cups cve-2019-14287 brainfuck dictionary-attack local-service tunneling cve-2016-1531 cve-2015-1158

November 4, 2025 • August 28, 2025 • Easy

TryHackMe > Linux Machines

Year of the Dog

Always so polite...

linux year-of-the sql-injection file-read mysql sqlite3 php web-shell reverse-shell tunneling local-service gitea rce docker docker-breakout cve-2020-14144 sudo suid git cookie

November 4, 2025 • August 27, 2025 • Hard

TryHackMe > Linux Machines

Year of the Jellyfish

Some boxes sting...

linux year-of-the picocms monitorr rce php web-shell reverse-shell jellyfin snapd cve-2019-7304-dirty-sock bypass-filter phtml python cookie subdomain

November 4, 2025 • August 27, 2025 • Hard

TryHackMe > Linux Machines

Silver Platter

Can you breach the server?

linux silverpeas cve-2024-36042 reverse-shell jsp idor adm-group log-file sudo hacksmarter subdomain

November 4, 2025 • August 21, 2025 • Easy

TryHackMe > Linux Machines

Zeno

Do you have the same patience as the great stoic philosopher Zeno? Try it out!

linux restaurent-management-system rce web-shell reverse-shell mariadb mysql service-exploit config-file sudo suid subdomain

November 4, 2025 • August 21, 2025 • Medium

TryHackMe > Linux Machines

CMesS

Can you root this Gila CMS box?

linux gila rce reverse-shell cronjob config-file mysql wildcard subdomain

November 4, 2025 • August 20, 2025 • Medium

TryHackMe > Linux Machines

tomghost

Identify recent vulnerabilities to try exploit the system or read files that you should not have access to.

linux apache-tomcat cve-2020-1938-ghostcat lfi file-read pgp sudo metasploit

November 4, 2025 • August 20, 2025 • Easy

TryHackMe > Linux Machines

LazyAdmin

Easy linux machine to practice your skills.

linux sweetrice mysql web-shell reverse-shell sudo cronjob

November 4, 2025 • August 19, 2025 • Easy

TryHackMe > Linux Machines

Thompson

boot2root machine for FIT and bsides guatemala CTF.

linux apache-tomcat reverse-shell cronjob suid metasploit

November 4, 2025 • August 19, 2025 • Easy

TryHackMe > Linux Machines

GoldenEye

Bond, James Bond. A guided CTF.

linux pop3 moodle image-file dictionary-attack rce cve-2013-3630 reverse-shell python kernel-exploit cve-2015-1328

November 4, 2025 • August 18, 2025 • Medium

TryHackMe > Linux Machines

dogcat

I made a website where you can look at pictures of dogs and/or cats! Exploit a PHP application via LFI...

linux lfi lfi2rce php php-filter log-poisoning rce sudo docker docker-breakout cronjob bypass-filter

November 4, 2025 • August 14, 2025 • Medium

TryHackMe > Linux Machines

Boiler CTF

Intermediate level CTF.

linux ftp caesar rot13 joomla sar2html webmin rce log-file suid

November 4, 2025 • August 14, 2025 • Medium

TryHackMe > Linux Machines

Internal

Penetration Testing Challenge.

linux php wordpress rce dictionary-attack web-shell reverse-shell mysql jenkins local-service config-file tunneling groovy-script docker

November 4, 2025 • August 6, 2025 • Hard

TryHackMe > Linux Machines

Daily Bugle

Compromise a Joomla CMS account via SQLi, practise cracking hashes and escalate your privileges by taking advantage of yum.

linux joomla mariadb sql-injection cve-2017-8917 sqlmap rce config-file reverse-shell php sudo

November 4, 2025 • August 5, 2025 • Hard

TryHackMe > Linux Machines

Skynet

A vulnerable Terminator themed Linux machine.

linux squirrelmail smb dictionary-attack log-file cuppa lfi rfi php web-shell reverse-shell rce cronjob wildcard

November 4, 2025 • August 4, 2025 • Easy

TryHackMe > Linux Machines

Game Zone

Learn to hack into this machine. Understand how to use SQLMap, crack some passwords, reveal services using a reverse SSH...

linux mysql sql-injection sqlmap local-service tunneling webmin cve-2012-2982 rce reverse-shell metasploit

November 4, 2025 • August 4, 2025 • Easy

HackTheBox > Machines > Linux

Nibbles

Nibbles is a fairly simple machine, however with the inclusion of a login blacklist, it is a fair bit more...

linux nibbleblog php rce cve-2015-6967 web-shell reverse-shell metasploit dictionary-attack sudo

November 4, 2025 • August 2, 2025 • Easy

TryHackMe > Linux Machines

Kenobi

Walkthrough on exploiting a Linux machine. Enumerate Samba for shares, manipulate a vulnerable version of proftpd and escalate your privileges...

linux smb log-file rpc nfs ftp cve-2015-3306 suid binary-hijacking private-key-discovery

November 4, 2025 • July 25, 2025 • Easy

TryHackMe > Linux Machines

UltraTech

The basics of Penetration Testing, Enumeration, Privilege Escalation and WebApp testing.

linux command-injection rce sqlite3 docker docker-group bypass-filter youtube

November 4, 2025 • July 22, 2025 • Medium

TryHackMe > Linux Machines

Anonymous

Not the hacking group.

linux ftp cronjob rce log-file reverse-shell suid

November 4, 2025 • July 22, 2025 • Medium

TryHackMe > Linux Machines

Cheese CTF

Inspired by the great cheese talk of THM!

linux lfi lfi2rce rce php php-filter mysql sudo service-exploit suid bypass-filter

November 4, 2025 • July 21, 2025 • Easy

TryHackMe > Linux Machines

0day

Exploit Ubuntu, like a Turtle in a Hurricane.

linux cve-2014-6271-shellshock rce cgi dictionary-attack reverse-shell kernel-exploit cve-2015-1328 youtube

November 4, 2025 • July 21, 2025 • Medium

TryHackMe > Linux Machines

Wonderland

Fall down the rabbit hole and enter wonderland.

linux sudo python library-hijacking capabilities binary-hijacking decompiling youtube

November 4, 2025 • July 16, 2025 • Medium

TryHackMe > Linux Machines

TryHack3M: Bricks Heist

Crack the code, command the exploit! Dive into the heart of the system with just an RCE CVE as your...

linux tryhack3m wordpress bricks rce cve-2024-25600 service-exploit bitcoin forensic osint

November 4, 2025 • July 14, 2025 • Easy

TryHackMe > Linux Machines

Smol

Test your enumeration skills on this boot-to-root machine.

linux wordpress lfi file-read jsmol2wp cve-2018-20463 config-file mysql web-shell reverse-shell sudo youtube private-key-discovery

November 4, 2025 • July 12, 2025 • Medium

TryHackMe > Linux Machines

Basic Pentesting

This is a machine that allows you to practise web app hacking and privilege escalation.

linux smb dictionary-attack youtube private-key-discovery

November 4, 2025 • July 10, 2025 • Easy