HTB | Tenet

Tenet was a medium box running WordPress; for a few users it might be a hard box because the user shell required exploiting a PHP deserialization. The privilege escalation was not as complicated as the user shell. Tenet means “a principle or belief, especially one of the main principles of a religion or philosophy.” The box had a historical connection that is mentioned at the end of this writeup. The initial phase of the Nmap scan gave two ports....

HTB | Scriptkiddie

Scriptkiddie was an easy box with a Metasploit installation and a Metasploit exploit to start with. Easy boxes are always made with a CVE and the exploitation as a user was trivial. Metasploit is regarded as a script kiddie tool since it does not teach you anything other than running automated exploits, but it comes in handy when you have to perform pivoting or testing on misconfigured NFS. Personally, it is a nifty tool that is very useful when exploits are breaking and compiling becomes a pain....

HTB | Ready

Ready was a medium box running a GitLab instance with a direct exploit. Even though it was a medium box, the exploitation was straightforward from user to root. The root section might get a bit tangled if you are not aware of the environment you are in. The initial phase of the Nmap scan gave two ports. There was no port 80, but port 5080 was running Nginx, hence jumping straight to the IP without an Nmap scan is not a good approach, because there might be webservers running on different ports, as on this box, and new hosts that are specific to the machines (ex: machinename....

HTB | Laboratory

Laboratory was an easy machine with a direct exploit for the user, but it was hard to exploit in terms of stability. The user shell was clumsy and the git instance returned 502 during the exploit phase. It had a GitLab instance running as a vhost and that was the reason for the name. Dexter from the animated series “Dexter’s Laboratory” was the CEO of the laboratory. The exploit was similar to a currently active box....

HTB | Time

Time was a medium box and it might end up as a hard box if you are not good at reading the output and the errors. This box has no connection with time privilege escalation but it has a similarity. It had an Apache server hosting a PHP website. The Nmap scan for Time had only two ports, 80 and 22. The versions seemed to be stable without any potential vulnerabilities. The Nmap scan gave a hint that it might be something related to JSON....