{"id":13538521,"url":"https://github.com/ignitetechnologies/privilege-escalation","last_synced_at":"2025-04-09T14:06:17.221Z","repository":{"id":40643725,"uuid":"203941254","full_name":"Ignitetechnologies/Privilege-Escalation","owner":"Ignitetechnologies","description":"This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.","archived":false,"fork":false,"pushed_at":"2023-02-11T20:47:44.000Z","size":178,"stargazers_count":3373,"open_issues_count":2,"forks_count":630,"subscribers_count":122,"default_branch":"master","last_synced_at":"2025-03-26T12:31:07.977Z","etag":null,"topics":["cheatsheet","ctf","ctf-challenges","ctf-writeups","hack","hacking","oscp","oscp-journey","oscp-prep","privilege-escalation","vulnhub"],"latest_commit_sha":null,"homepage":"https://hackingarticles.in","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ignitetechnologies.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2019-08-23T06:51:28.000Z","updated_at":"2025-03-25T06:50:46.000Z","dependencies_parsed_at":"2022-07-14T08:49:31.519Z","dependency_job_id":"9f2f4b73-f22a-4cbc-9a35-de8d20826dbf","html_url":"https://github.com/Ignitetechnologies/Privilege-Escalation","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ignitetechnologies%2FPrivilege-Escalation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ignitetechnologies%2FPrivilege-Escalation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ignitetechnologies%2FPrivilege-Escalation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ignitetechnologies%2FPrivilege-Escalation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ignitetechnologies","download_url":"https://codeload.github.com/Ignitetechnologies/Privilege-Escalation/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246819770,"owners_count":20839095,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cheatsheet","ctf","ctf-challenges","ctf-writeups","hack","hacking","oscp","oscp-journey","oscp-prep","privilege-escalation","vulnhub"],"created_at":"2024-08-01T09:01:13.066Z","updated_at":"2025-04-02T13:00:26.940Z","avatar_url":"https://github.com/Ignitetechnologies.png","language":null,"funding_links":[],"categories":["\u003ca id=\"c7f35432806520669b15a28161a4d26a\"\u003e\u003c/a\u003eCTF\u0026\u0026HTB"],"sub_categories":["\u003ca id=\"e64cedb2d91d06b3eeac5ea414e12b27\"\u003e\u003c/a\u003eCTF"],"readme":"# Privilege Escalation Cheatsheet (Vulnhub)\r\n\r\nThis cheatsheet is aimed at CTF players and beginners to help them understand the fundamentals of privilege escalation with examples. It is not a cheatsheet for enumeration using Linux Commands. Privilege escalation is all about proper enumeration. There are multiple ways to perform the same task. We have performed and compiled this list based on our experience. Please share this with your connections and direct queries and feedback to [Hacking Articles](https://twitter.com/hackinarticles).\r\n\r\n[1.5]: https://raw.githubusercontent.com/Ignitetechnologies/Windows-Privilege-Escalation/main/linked.png\r\n[1.6]: https://www.linkedin.com/company/hackingarticles/\r\n[1.3]: https://raw.githubusercontent.com/Ignitetechnologies/Windows-Privilege-Escalation/main/discord.png\r\n[1.4]: https://discord.com/invite/kyKvXwK4Bk\r\n[1.1]: https://raw.githubusercontent.com/Ignitetechnologies/Windows-Privilege-Escalation/main/twitter.png\r\n[1]: http://www.twitter.com/hackinarticles\r\n# Follow us on [![alt text][1.1]][1] [![alt text][1.3]][1.4] [![alt text][1.5]][1.6]\r\n\r\n\u003cimg src=\"https://github.com/Ignitetechnologies/Mindmap/blob/main/Vulnhub/%20Vulnhub%20Privs%20Cheatsheet%20UHD.png\" alt=\"cheatsheet\" border=\"0\"\u003e\r\n\r\n\r\nTable of Contents\r\n=================\r\n\r\n* [Abusing Sudo Rights](#sudo)\r\n* [SUID Bit](#suid)\r\n* [Kernel Exploit](#kernel)\r\n* [Path Variable](#path)\r\n* [Enumeration](#enum)\r\n* [MySQL](#mysql)\r\n* [Cronjob](#cronjob)\r\n* [Wildcard Injection](#wild)\r\n* [Capabilities](#capabilities)\r\n* [Writable /etc/passwd file](#etc)\r\n* [Writable files or script](#root)\r\n* [Buffer Overflow](#buffer)\r\n* [Docker](#docker)\r\n* [Chkrootkit](#chkrootkit)\r\n* [Bruteforce](#bruteforce)\r\n* [Crack /etc/shadow](#shadow)\r\n* [NFS](#nfs)\r\n* [Json](#json)\r\n* [Redis](#redis)\r\n* [LXD](#lxd)\r\n* [All](#all)\r\n* [Exim](#exim)\r\n* [Apache2 Writable](#apache2)\r\n\r\n\u003ca name=\"sudo\"\u003e\u003c/a\u003e\r\n## Abusing Sudo Rights [⤴](#table-of-contents)\r\n\r\n|No.|Machine Name|Files/Binaries|\r\n|-------|--------------|----------------|\r\n|1.|[Ted:1](https://www.hackingarticles.in/ted1-vulnhub-walkthrough/)|apt-get|\r\n|2.|[KFIOFan : 1](https://www.hackingarticles.in/kfiofan1-vulnhub-walkthrough/)|awk|\r\n|3.|[21 LTR: Scene1](https://www.hackingarticles.in/hack-the-21ltr-scene-1-vm-boot-to-root/)|cat| \r\n|4.|[Skytower](https://www.hackingarticles.in/hack-the-skytower-ctf-chAllenge/)|cat|\r\n|5.|[Matrix : 1](https://www.hackingarticles.in/matrix-1-vulnhub-walkthrough/)|cp|\r\n|6.|[Sputnik 1](https://www.hackingarticles.in/sputnik-1-vulnhub-walkthrough/)|ed|\r\n|7.|[Sunset](https://www.hackingarticles.in/sunset-vulnhub-walkthrough/)|ed|\r\n|8.|[DC-2](https://www.hackingarticles.in/dc-2-walkthrough/)|git|\r\n|9.|[Kioptrix : Level 1.2](https://www.hackingarticles.in/hack-the-kioptrix-level-1-2-boot2root-chAllenge/)|ht|\r\n|10.|[Matrix-3](https://www.hackingarticles.in/matrix-3-vulnhub-walkthrough/)|manual|\r\n|11.|[symfonos : 2](https://www.hackingarticles.in/symfonos2-vulnhub-walkthrough/)|MySQL|\r\n|12.|[Development](https://www.hackingarticles.in/development-vulnhub-walkthrough/)|nano|\r\n|13.|[SP ike](https://www.hackingarticles.in/sp-ike-vulnhub-lab-walkthrough/)|nmap|\r\n|14.|[DC6](https://www.hackingarticles.in/dc6-lab-walkthrough/)|nmap|\r\n|15.|[Dina](https://www.hackingarticles.in/hack-dina-vm-ctf-chAllenge/)|perl|\r\n|16.|[Wakanda : 1](https://www.hackingarticles.in/hack-the-wakanda-1-ctf-chAllenge/)|pip|\r\n|17.|[Violator](https://www.hackingarticles.in/hack-the-violator-ctf-chAllenge/)|proftpd|\r\n|18.|[Broken: Gallery](https://www.hackingarticles.in/broken-gAllery-vulnhub-walkthrough/)|reboot/timedatectl|\r\n|19.|[DE-ICE:S1.120](https://www.hackingarticles.in/hack-the-de-ice-s1-120-vm-boot-to-root/)|script|\r\n|20.|[Fristileaks](https://www.hackingarticles.in/hack-fristileaks-vm-ctf-chAllenge/)|script|\r\n|21.|[DerpNStink](https://www.hackingarticles.in/hack-the-derpnstink-vm-ctf-chAllenge/)|script|\r\n|22.|[Digitalworld.local : JOY](https://www.hackingarticles.in/digitalworld-local-joy-vulnhub-walkthrough/)|script|\r\n|23.|[PumpkinFestival](https://www.hackingarticles.in/mission-pumpkin-v1-0-pumpkinfestival-vulnhub-walkthrough/)|script|\r\n|24.|[The Ether: Evil Science](https://www.hackingarticles.in/hack-ether-evilscience-vm-ctf-chAllenge/)|script|\r\n|25.|[HA:Rudra](https://www.hackingarticles.in/ha-rudra-vulnhub-walkthrough/)|script|\r\n|26.|[djinn:1](https://www.hackingarticles.in/djinn1-vulnhub-walkthrough/)|script|\r\n|27.|[UA: Literally Vulnerable](https://www.hackingarticles.in/ua-literally-vulnerable-vulnhub-walkthrough/)|script|\r\n|28.|[PumpkinRaising](https://www.hackingarticles.in/pumpkinraising-vulnhub-walkthrough/)|strace|\r\n|29.|[Unknowndevice64 : 1](https://www.hackingarticles.in/unknowndevice64-1-vulnhub-lab-walkthrough/)|strace|\r\n|30.|[Holynix: v1](https://www.hackingarticles.in/hack-the-holynix-v1-boot-2-root-chAllenge/)|tar|\r\n|31.|[Breach 2.1](https://www.hackingarticles.in/hack-breach-2-1-vm-ctf-chAllenge/)|tcpdump|\r\n|32.|[Temple of Doom](https://www.hackingarticles.in/hack-the-temple-of-doom-ctf-chAllenge/)|tcpdump|\r\n|33.|[Web Developer : 1](https://www.hackingarticles.in/web-developer-1-vulnhub-lab-walkthrough/)|tcpdump|\r\n|34.|[DC-4](https://www.hackingarticles.in/dc-4-vulnhub-walkthrough/)|teehee|\r\n|35.|[Serial: 1](https://www.hackingarticles.in/serial-1-vulnhub-walkthrough/)|vim|\r\n|36.|[Zico 2](https://www.hackingarticles.in/hack-zico2-vm-ctf-chAllenge/)|zip|\r\n|37.|[HA: Dhanush](https://www.hackingarticles.in/ha-dhanush-vulnhub-walkthrough/)|zip|\r\n|38.|[Sunset: Nightfall](https://www.hackingarticles.in/sunset-nightfall-vulnhub-walkthrough/)|cat|\r\n|39.|[HA: Infinity Stones](https://www.hackingarticles.in/ha-infinity-stones-vulnhub-walkthrough/)|ftp|\r\n|40.|[Sunset-Sunrise](https://www.hackingarticles.in/sunset-sunrise-vulnhub-walkthrough/)|wine|\r\n|41.|[Me and My Girlfreind:1](https://www.hackingarticles.in/me-and-my-girlfreind1-vulnhub-walkthrough/)|php|\r\n|42.|[Symfonos:5](https://www.hackingarticles.in/symfonos5-vulnhub-walkthrough/)|dpkg|\r\n|43.|[Five86:2](https://www.hackingarticles.in/five86-2-vulnhub-walkthrough/)| service |\r\n|44.|[Tempus Fugit:1](https://www.hackingarticles.in/tempus-fugit-1-vulnhub-walkthrough/)|Diffrent for every user|\r\n|45.|[DevRandom CTF:1.1](https://www.hackingarticles.in/devrandom-ctf1-1-vulnhub-walkthrough/)|dpkg|\r\n|46.|[Zion: 1.1](https://www.hackingarticles.in/zion-1-1-vulnhub-walkthrough/)|cp|\r\n|47.|[Seppuku:1](https://www.hackingarticles.in/seppuku1-vulnhub-walkthrough/)|script|\r\n|48.|[GitRoot: 1](https://www.hackingarticles.in/gitroot-1-vulnhub-walkthrough/)|git|\r\n|49.|[Tre:1](https://www.hackingarticles.in/tre1-vulnhub-walkthrough/)|shutdown|\r\n|50.|[BlackRose: 1](https://www.hackingarticles.in/blackrose-1-vulnhub-walkthrough/)|script|\r\n|51.|[So Simple:1](https://www.hackingarticles.in/so-simple1-vulnhub-walkthrough/)|script|\r\n|52.|[CryptoBank:1](https://www.hackingarticles.in/cryptobank-1-vulnhub-walkthrough/)|All|\r\n|53.|[Star Wars:1](https://www.hackingarticles.in/star-wars-1-vulnhub-walkthrough/)|All|\r\n|54.|[Mercury](https://www.hackingarticles.in/mercury-vulnhub-walkthrough/)|script|\r\n|55.|[Durian:1](https://www.hackingarticles.in/durian-1-vulnhub-walkthrough/)|script|\r\n|56.|[nyx:1](https://www.hackingarticles.in/nyx-1-vulnhub-walkthrough/)|gcc|\r\n|57.|[Relevant:1](https://www.hackingarticles.in/relevant-1-vulnhub-walkthrough/)|node|\r\n|58.|[Maskcrafter:1.1](https://www.hackingarticles.in/maskcrafter-1-1-vulnhub-walkthrough/)|dpkg|\r\n|59.|[Hogwarts:Bellatrix](https://www.hackingarticles.in/hogwarts-bellatrix-vulnhub-walkthrough/)|vim|\r\n\r\n\r\n\r\n\r\n\u003ca name=\"suid\"\u003e\u003c/a\u003e\r\n## SUID Bit [⤴](#table-of-contents)\r\n\r\n|No.| Machine Name |SUID Bit|\r\n|-------|------------------------------|-------|\r\n|1.|[Kevgir](https://www.hackingarticles.in/hack-kevgir-vm-ctf-challenge/)|cp|\r\n|2.|[digitalworld.local - BRAVERY](https://www.hackingarticles.in/digitalworld-local-bravery-vulnhub-walkthrough/)|cp|\r\n|3.|[Happycorp : 1](https://www.hackingarticles.in/happycorp1-vulnhub-walkthrough/)|cp|\r\n|4.|[FourAndSix : 2](https://www.hackingarticles.in/fourandsix-2-vulnhub-walkthrough/)|doas|\r\n|5.|[DC-1](https://www.hackingarticles.in/dc-1-vulnhub-walkthrough/)|find|\r\n|6.|[dpwwn:2](https://www.hackingarticles.in/dpwwn2-vulnhub-walkthrough/)|find|\r\n|7.|[MinU: v2](https://www.hackingarticles.in/minu-v2-vulnhub-walkthrough/)|Micro Editor|\r\n|8.|[Toppo:1](https://www.hackingarticles.in/hack-the-toppo1-vm-ctf-challenges/)|python 2.7/mawk|\r\n|9.|[Mr. Robot](https://www.hackingarticles.in/hack-mr-robot-vm-ctf-challenge/)|nmap|\r\n|10.|[Covfefe](https://www.hackingarticles.in/hack-covfefe-vm-ctf-challenge/)|script|\r\n|11.|[/dev/random : K2](https://www.hackingarticles.in/hack-the-dev-random-k2-vm-boot2root-challenge/)|script|\r\n|12.|[hackme1](https://www.hackingarticles.in/hackme-1-vulnhub-walkthrough/)|script|\r\n|13.|[Sunset: dawn](https://www.hackingarticles.in/sunset-dawn-vulnhub-walkthrough/)|zsh|\r\n|14.|[HA: Wordy](https://www.hackingarticles.in/ha-wordy-vulnhub-walkthrough/)|cp|\r\n|15.|[bossplayersCTF 1](https://www.hackingarticles.in/bossplayersctf-1-vulnhub-walkthrough/)|find|\r\n|16.|[In Plain Sight:1](https://www.hackingarticles.in/in-plain-sight1-vulnhub-walkthrough/)|script|\r\n|17.|[Five86:1](https://www.hackingarticles.in/five861-vulnhub-walkthrough/)|script|\r\n|18.|[Geisha:1](https://www.hackingarticles.in/geisha1-vulnhub-walkthrough/)|base32|\r\n|19.|[Victim:1](https://www.hackingarticles.in/victim1-vulnhub-walkthrough/)|nohup|\r\n|20.|[eLection: 1](https://www.hackingarticles.in/election-1-vulnhub-walkthorugh/)|script|\r\n|21.|[Photographer 1](https://www.hackingarticles.in/photographer-1-vulnhub-walkthrough/)|php7.2|\r\n|22.|[DMV :1](https://www.hackingarticles.in/dmv-1-vulnhub-walkthrough/)| script|\r\n|23.|[ShellDredd #1 Hannah](https://www.hackingarticles.in/shelldredd-1-hannah-vulnhub-walkthrough/)| cpulimit|\r\n|24.|[KB-Vuln:3](https://www.hackingarticles.in/kb-vuln-3-vulnhub-walkthrough/)| systemctl|\r\n|25.|[Cybox:1](https://www.hackingarticles.in/cybox-1-vulnhub-walkthrough/)| register|\r\n\r\n\u003ca name=\"kernel\"\u003e\u003c/a\u003e\r\n## Kernel Exploit [⤴](#table-of-contents)\r\n\r\n|No.| Machine Name|Kernel|Exploit|\r\n|-------|----------------------|--------------------------------------------------------|-----------------------------------------|\r\n|1.|[pWnOS -1.0](https://www.hackingarticles.in/hack-the-pwnos-1-0-boot-to-root/)|Linux Kernel 2.6.17 \u003c 2.6.24.1| [5092](https://www.exploit-db.com/exploits/5092)|\r\n|2.|[LAMPSecurity: CTF 5](https://www.hackingarticles.in/hack-the-lampsecurity-ctf-5-ctf-challenge/)|Linux Kernel 2.4/2.6|[9479](https://www.exploit-db.com/exploits/9479)|\r\n|3.|[Kioptrix : Level 1.1](https://www.hackingarticles.in/hack-the-kioptrix-level-2-boot2root-challenge/)|CentOS 4.4/4.5 / Fedora Core 4/5/6 x86)|[9542](https://www.exploit-db.com/exploits/9542)|\r\n|4.|[Hackademic-RTB1](https://www.hackingarticles.in/hack-the-hackademic-rtb1-vm-boot-to-root/)| RDS Protocol' Local Privilege Escalation| [15285](https://www.exploit-db.com/exploits/15285)|\r\n|5.|[Hackademic-RTB2](https://www.hackingarticles.in/hack-the-hackademic-rtb2-boot2root/)|RDS Protocol' Local Privilege Escalation|[15285](https://www.exploit-db.com/exploits/15285)|\r\n|6.|[ch4inrulz : 1.0.1](https://www.hackingarticles.in/hack-the-ch4inrulz-1-0-1-ctf-challenge/)|RDS Protocol' Local Privilege Escalation|[15285](https://www.exploit-db.com/exploits/15285)|\r\n|7.|[Kioprtix: 5](https://www.hackingarticles.in/hack-the-kioptrix-5-ctf-challenge/)|FreeBSD 9.0 - Intel SYSRET Kernel Privilege Escalation|[28718](https://www.exploit-db.com/exploits/28718)|\r\n|8.|[Simple](https://www.hackingarticles.in/hack-simple-vm-ctf-challenge/)|Apport/Abrt (Ubuntu / Fedora)| [36746](https://www.exploit-db.com/exploits/36746)|\r\n|9.|[SecOS: 1](https://www.hackingarticles.in/hack-the-secos1-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)|\r\n|10.|[Droopy](https://www.hackingarticles.in/hack-droopy-vm-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)|\r\n|11.|[VulnOS: 2.0](https://www.hackingarticles.in/hack-the-vulnos-2-0-vm-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)|\r\n|12.|[Fartknocker](https://www.hackingarticles.in/hack-fartknocker-vm-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)|\r\n|13.|[Super Mario](https://www.hackingarticles.in/hack-super-mario-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)|\r\n|14.|[Golden Eye:1](https://www.hackingarticles.in/hack-the-golden-eye1-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)|\r\n|15.|[Typhoon : 1.02](https://www.hackingarticles.in/typhoon-1-02-vulnhub-walkthrough/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)|\r\n|16.|[GrimTheRipper:1](https://www.hackingarticles.in/grimtheripper-1-vulnhub-walkthrough/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)|\r\n|17.|[6days](https://www.hackingarticles.in/hack-6days-vm-ctf-challenge/)|Ubuntu 12.04/14.04/14.10/15.04|[37292](https://www.exploit-db.com/exploits/37292)|\r\n|18.|[Lord of the Root](https://www.hackingarticles.in/hack-lord-root-vm-ctf-challenge/)|Ubuntu 14.04/15.10| [39166](https://www.exploit-db.com/exploits/39166)|\r\n|19.|[Acid Reloaded](https://www.hackingarticles.in/hack-acid-reloaded-vm-ctf-challenge/)|Ubuntu 14.04/15.10|[39166](https://www.exploit-db.com/exploits/39166)|\r\n|20.|[Stapler](https://www.hackingarticles.in/hack-stapler-vm-ctf-challenge/)|Ubuntu 16.04|[39772](https://www.exploit-db.com/exploits/39772)|\r\n|21.|[Sidney](https://www.hackingarticles.in/hack-sydney-vm-ctf-challenge/)|Ubuntu 16.04|[39772](https://www.exploit-db.com/exploits/39772)|\r\n|22.|[DC-3](https://www.hackingarticles.in/dc-3-walkthrough/)|Ubuntu 16.04|[39772](https://www.exploit-db.com/exploits/39772)|\r\n|23.|[Pluck](https://www.hackingarticles.in/hack-pluck-vm-ctf-challenge/)|Dirty COW|[40616](https://www.exploit-db.com/exploits/40616)|\r\n|24.|[Lampiao : 1](https://www.hackingarticles.in/hack-the-lampiao-1-ctf-challenge/)|Dirty COW /proc/self/mem' Race Condition|[40847](https://www.exploit-db.com/exploits/40847)|\r\n|25.|[WinterMute : 1](https://www.hackingarticles.in/hack-the-wintermute-1-ctf-challenge/)|GNU Screen 4.5.0|[41154](https://www.exploit-db.com/exploits/41154)|\r\n|26.|[DC-5](https://www.hackingarticles.in/dc-5-vulnhub-walkthrough/)|GNU Screen 4.5.0|[41154](https://www.exploit-db.com/exploits/41154)|\r\n|27.|[BTRSys:dv 2.1](https://www.hackingarticles.in/hack-btrsys-v2-1-vm-boot2root-challenge/)|Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free|[41458](https://www.exploit-db.com/exploits/41458)|\r\n|28.|[Nightmare](https://www.hackingarticles.in/hack-the-box-nightmare-walkthrough/)|Ubuntu 14.04/16.04 (KASLR / SMEP)|[43418](https://www.exploit-db.com/exploits/43418)|\r\n|29.|[Trollcave](https://www.hackingarticles.in/hack-the-trollcave-vm-boot-to-root/)|Linux Kernel \u003c 4.4.0-116 (Ubuntu 16.04.4)|[44298](https://www.exploit-db.com/exploits/44298)|\r\n|30.|[Prime: 1](https://www.hackingarticles.in/prime-1-vulnhub-walkthrough/)|Linux Kernel \u003c 4.4.0-116 (Ubuntu 16.04.4)| [44298](https://www.exploit-db.com/exploits/44298)|\r\n|31.|[LAMPSecurity: CTF6](https://www.hackingarticles.in/lampsecurity-ctf6-vulnhub-walkthrough/)|Linux Kernel 2.6|[8478](https://www.exploit-db.com/exploits/8478)|\r\n|32.|[My File Server:1](https://www.hackingarticles.in/my-file-server-1-vulnhub-walkthrough/)|Dirty COW|[40616](https://www.exploit-db.com/exploits/40616)|\r\n|33.|[VulnUni 1.0.1](https://www.hackingarticles.in/vulnuni-1-0-1-vulnhub-walkthrough/)|GUnet OpenEclass E-learning platform 1.7.3|[48106](https://www.exploit-db.com/exploits/48106)|\r\n|34.|[Sumo: 1](https://www.hackingarticles.in/sumo-1-vulnhub-walkthrough/)|Dirty COW|[40839](https://www.exploit-db.com/exploits/40839)|\r\n|35.|[CyberSploit: 1](https://www.hackingarticles.in/cybersploit-1-vulnhub-walkthrough/)|Linux Kernel 3.13.0 \u003c 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs'|[37292](https://www.exploit-db.com/exploits/37292)|\r\n|36.|[Loly: 1](https://www.hackingarticles.in/loly-1-vulnhub-walkthrough/)|Linux Kernel \u003c 4.13.9 (Ubuntu 16.04 / Fedora 27) |[45010](https://www.exploit-db.com/exploits/45010)|\r\n|37.|[Tomato: 1](https://www.hackingarticles.in/tomato-1-vulnhub-walkthrough/)|Linux Kernel \u003c 4.13.9 (Ubuntu 16.04 / Fedora 27) |[45010](https://www.exploit-db.com/exploits/45010)|\r\n\r\n\u003ca name=\"path\"\u003e\u003c/a\u003e\r\n## Path Variable [⤴](#table-of-contents)\r\n\r\n|No.| Path Variable | Files |\r\n|-------|-----------------|--------|\r\n|1.| [PwnLab](https://www.hackingarticles.in/penetration-testing-pwnlab-ctf-challenge/)| cat |\r\n|2.| [USV](https://www.hackingarticles.in/hack-usv-vm-ctf-challenge/) | cat |\r\n|3.| [Zeus:1](https://www.hackingarticles.in/zeus1-vulnhub-walkthrough/)| date |\r\n|4.| [The Gemini inc](https://www.hackingarticles.in/hack-the-gemini-inc-ctf-challenge/) | date |\r\n|5.| [EW-Skuzzy](https://www.hackingarticles.in/hack-ew-skuzzy-vm-ctf-challenge/)|id|\r\n|6.| [Nullbyte](https://www.hackingarticles.in/hack-nullbyte-vm-ctf-challenge/) | ps |\r\n|7.| [symfonos : 1](https://www.hackingarticles.in/symfonos1-vulnhub-walkthrough/)| curl |\r\n|8.| [Silky-CTF: 0x01](https://www.hackingarticles.in/silky-ctf-0x01-vulnhub-walkthrough/) | whoami |\r\n|9.| [Beast 2](https://www.hackingarticles.in/beast-2-vulnhub-walkthrough/) | whoami |\r\n|10.| [HA:Arsenal Avengers](https://www.hackingarticles.in/ha-avengers-arsenal-vulnhub-walkthrough/) | ifconfig |\r\n|11.| [Inclusiveness:1](https://www.hackingarticles.in/inclusiveness-1-vulnhub-walkthrough/)|whoami|\r\n|12.| [MuzzyBox:1](https://www.hackingarticles.in/muzzybox-1-vulnhub-walkthrough/)|ls|\r\n|13.| [TBBT:2](https://www.hackingarticles.in/tbbt2-vulnhub-walkthrough/)|sl|\r\n|14.| [Sunset: Midnight](https://www.hackingarticles.in/sunset-midnight-vulnhub-walkthrough/)|service|\r\n|15.| [Healthcare:1](https://www.hackingarticles.in/healthcare-1-vulnhub-walkthrough/)|fdisk|\r\n\r\n\r\n\u003ca name=\"enum\"\u003e\u003c/a\u003e\r\n## Enumeration [⤴](#table-of-contents)\r\n\r\n| No. | Machine Name |\r\n|-----|-----------------------------------------------------------------------------------------------------------------------|\r\n| 1. | [The Library:1](https://hackingarticles.in/the-library1-vulnhub-walkthrough/) |\r\n| 2. | [The Library:2](https://www.hackingarticles.in/the-library2-vulnhub-walkthrough/) |\r\n| 3. | [LAMPSecurity: CTF 4](https://www.hackingarticles.in/hack-the-lampsecurity-ctf4-ctf-challenge/) |\r\n| 4. | [LAMPSecurity: CTF 7](https://www.hackingarticles.in/hack-the-lampsecurity-ctf-7-ctf-challenge/) |\r\n| 5. | [Xerxes: 1](https://www.hackingarticles.in/xerxes-1-vulnhub-walkthrough/) |\r\n| 6. | [pWnOS -2.0](https://www.hackingarticles.in/hack-the-pwnos-2-0-boot-2-root-challenge/) |\r\n| 7. | [DE-ICE:S1.130](https://www.hackingarticles.in/hack-the-de-ice-s1-130-boot2root-challenge/) | | 8. | | 8. | [SickOS 1.1](https://www.hackingarticles.in/hack-sickos-1-1-vm-ctf-challenge/) | \r\n| 9. | [Tommyboy](https://www.hackingarticles.in/hack-tommyboy-vm-ctf-challenge/) |\r\n| 10. | [VulnOS: 1](https://www.hackingarticles.in/hack-the-vulnos-1-ctf-challenge/) |\r\n| 11. | [Spyder Sec](https://www.hackingarticles.in/hack-spydersec-vm-ctf-challenge/) |\r\n| 12. | [Acid](https://www.hackingarticles.in/hack-acid-vm-ctf-challenge/) |\r\n| 13. | [Necromancer](https://www.hackingarticles.in/hack-necromancer-vm-ctf-challenge/) |\r\n| 14. | [Freshly](https://www.hackingarticles.in/hack-freshly-vm-ctf-challenge/) |\r\n| 15. | [Fortress](https://www.hackingarticles.in/hack-fortress-vm-ctf-challenge/) |\r\n| 16. | [Billu : B0x](https://www.hackingarticles.in/hack-billu-b0x-vm-boot2root-challenge/) |\r\n| 17. | [Defence Space](https://www.hackingarticles.in/hack-the-defense-space-vm-ctf-challengehack-defense-vm-ctf-challenge/) |\r\n| 18. | [Moria 1.1](https://www.hackingarticles.in/hack-moria-1-1-ctf-challenge/) |\r\n| 19. | [Analougepond](https://www.hackingarticles.in/hack-analougepond-vm-ctf-challenge/) |\r\n| 20. | [Lazysysadmin](https://www.hackingarticles.in/hack-lazysysadmin-vm-ctf-challenge/) |\r\n| 21. | [Bulldog](https://www.hackingarticles.in/hack-bulldog-vm-boot2root-challenge/) |\r\n| 22. | [BTRSys 1](https://www.hackingarticles.in/hack-btrsys1-vm-boot2root-challenge/) |\r\n| 23. | [G0rmint](https://www.hackingarticles.in/hack-g0rmint-vm-ctf-challenge/) |\r\n| 24. | [Blacklight : 1](https://www.hackingarticles.in/hack-the-blacklight-1-ctf-challenge/) |\r\n| 25. | [The blackmarket](https://www.hackingarticles.in/hack-the-blackmarket-vm-ctf-chAllenge/) | \r\n| 26. | [Matrix 2](https://www.hackingarticles.in/matrix-2-vulnhub-lab-walkthrough/) | \r\n| 27. | [Basic Pentesting : 2](https://www.hackingarticles.in/hack-the-basic-pentesting2-vm-ctf-chAllenge/) |\r\n| 28. | [Depth](https://www.hackingarticles.in/hack-depth-vm-ctf-challenge/)|\r\n| 29. | [Bob: 1.0.1](https://www.hackingarticles.in/hack-the-bob-1-0-1-vm-ctf-challenge/)|\r\n| 30. | [W34kn3ss 1](https://www.hackingarticles.in/w34kn3ss-1-vulnhub-lab-walkthrough/)|\r\n| 31. | [Replay: 1](https://www.hackingarticles.in/replay-1-vulnhub-lab-walkthrough/)|\r\n| 32. | [Born2Root: 2](https://www.hackingarticles.in/born2root-2-vulnhub-walkthrough/)|\r\n| 33. | [CLAMP 1.0.1](https://www.hackingarticles.in/clamp-1-0-1-vulnhub-walkthrough/)|\r\n| 34. | [WestWild: 1.1](https://www.hackingarticles.in/westwild-1-1-vulnhub-walkthorugh/)|\r\n| 35. | [64base](https://www.hackingarticles.in/hack-64base-vm-ctf-challenge/)|\r\n| 36. | [C0m80](https://www.hackingarticles.in/hack-c0m80-vm-boot2root-challenge/)|\r\n| 37. | [Gibson](https://www.hackingarticles.in/hack-gibson-vm-ctf-challenge/)|\r\n| 38. | [Quaoar](https://www.hackingarticles.in/hack-quaoar-vm-ctf-challenge/)|\r\n| 39. | [Hacker Fest: 2019](https://www.hackingarticles.in/hacker-fest-2019-vulnhub-walkthrough/)|\r\n| 40. | [EVM: 1](https://www.hackingarticles.in/evm-1-vulnhub-walkthrough/)|\r\n| 41. | [EnuBox:Mattermost](https://www.hackingarticles.in/enubox-mattermost-vulnhub-walkthrough/)|\r\n| 42. | [2much:1](https://www.hackingarticles.in/2much-1-vulnhub-walkthrough/)|\r\n| 43. | [mhz_cxf:c1f](https://www.hackingarticles.in/mhz_cxf-c1f-vulnhub-walkthrough/)|\r\n| 44. | [HA: Pandavas](https://www.hackingarticles.in/ha-pandavas-vulnhub-walkthrough/)|\r\n| 45. | [GreenOptic:1](https://www.hackingarticles.in/greenoptic-1-vulnhub-walkthrough/)|\r\n| 46. | [Cewlkid:1](https://www.hackingarticles.in/cewlkid-1-vulnhub-walkthrough/)|\r\n| 47. | [PowerGrid:1.0.1](https://www.hackingarticles.in/powergrid-1-0-1-vulnhub-walkthrough/)|\r\n| 48. | [Insanity:1](https://www.hackingarticles.in/insanity-1-vulnhub-walkthrough/)|\r\n| 49. | [Tempus Fugit:3](https://www.hackingarticles.in/tempus-fugit-3-vulnhub-walkthrough/)|\r\n| 50. | [HA: Forensics](https://www.hackingarticles.in/ha-forensics-vulnhub-walkthrough/)|\r\n| 51. | [HA: Vedas](https://www.hackingarticles.in/ha-vedas-vulnhub-walkthrough/)|\r\n| 52. | [HA: Sherlock](https://www.hackingarticles.in/ha-sherlock-vulnhub-walkthrough/)|\r\n\r\n\u003ca name=\"mysql\"\u003e\u003c/a\u003e\r\n## MySQL [⤴](#table-of-contents)\r\n\r\n| No | Machine Name |\r\n|-----|---------------------------------------------------------------------------------------------------------|\r\n| 1. | [Kioptrix : Level 1.3](https://www.hackingarticles.in/hack-the-kioptrix-level-1-3-boot2root-challenge/) |\r\n| 2. | [Raven](https://www.hackingarticles.in/hack-the-raven-walkthrough-ctf-challenge/) |\r\n| 3. | [Raven : 2](https://www.hackingarticles.in/raven-2-vulnhub-walkthrough/) |\r\n\r\n\u003ca name=\"cronjob\"\u003e\u003c/a\u003e\r\n## Cronjob [⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1.\t |[Billy Madison](https://www.hackingarticles.in/hack-billy-madison-vm-ctf-challenge/) |\r\n|2.\t |[BSides Vancuver: 2018](https://www.hackingarticles.in/hack-the-bsides-vancouver2018-vm-boot2root-challenge/)|\r\n|3.\t |[Jarbas : 1](https://www.hackingarticles.in/hack-the-jarbas-1-ctf-challenge/)|\r\n|4.\t |[SP:Jerome](https://www.hackingarticles.in/spjerome-vulnhub-walkthrough/)|\r\n|5. |[dpwwn: 1](https://www.hackingarticles.in/dpwwn-1-vulnhub-walkthrough/)|\r\n|6. |[Sar](https://www.hackingarticles.in/sar-vulnhub-walkthrough/)|\r\n|7. |[TBBT](https://www.hackingarticles.in/tbbt-funwithflags-vulnhub-walkthrough/)|\r\n|8. |[Glasgow Smile: 1.1](https://www.hackingarticles.in/glasgow-smile-1-1-vulnhub-walkthrough/)|\r\n|9. |[LemonSqueezy:1](https://www.hackingarticles.in/lemonsqueezy1-vulnhub-walkthrough/)|\r\n\r\n\u003ca name=\"wild\"\u003e\u003c/a\u003e\r\n## Wildcard Injection [⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1.\t |[Milnet](https://www.hackingarticles.in/hack-milnet-vm-ctf-challenge/)|\r\n|2.\t |[Pipe](https://www.hackingarticles.in/hack-pipe-vm-ctf-challenge/)|\r\n\r\n\u003ca name=\"capabilities\"\u003e\u003c/a\u003e\r\n## Capabilities [⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1.\t |[Kuya : 1](https://www.hackingarticles.in/vulnhub-kuya-1-walkthrough/)|\r\n|2.\t |[DomDom: 1](https://www.hackingarticles.in/domdom-1-vulnhub-walkthrough/)|\r\n|3. |[HA: Naruto](https://www.hackingarticles.in/ha-naruto-vulnhub-walkthrough/)|\r\n|4. |[Connect The Dots:1](https://www.hackingarticles.in/connect-the-dots1-vulnhub-walkthough/)|\r\n|5. |[Katana](https://www.hackingarticles.in/katana-vulnhub-walkthrough/)|\r\n|6. |[Presidential: 1](https://www.hackingarticles.in/presidential-1-vulnhub-walkthrough/)|\r\n\u003ca name=\"etc\"\u003e\u003c/a\u003e\r\n## Writable /etc/passwd file [⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1.\t |[Hackday Albania](https://www.hackingarticles.in/hack-hackday-albania-vm-ctf-challenge/)|\r\n|2.\t |[Billu Box 2](https://www.hackingarticles.in/hack-billu-b0x-vm-boot2root-challenge/)|\r\n|3.\t |[Bulldog 2](https://www.hackingarticles.in/hack-the-bulldog2-ctf-challenge/)|\r\n|4. |[AI: Web: 1](https://www.hackingarticles.in/ai-web-1-vulnhub-walkthrough/)|\r\n|5. |[Westwild: 2](https://www.hackingarticles.in/westwild-2-vulnhub-walkthrough/)|\r\n|6. |[Misdirection 1](https://www.hackingarticles.in/misdirection-1-vulnhub-walkthrough/)|\r\n|7. |[HA: ISRO](https://www.hackingarticles.in/ha-isro-vulnhub-walkthrough/)|\r\n|8. |[Gears of War: EP#1](https://www.hackingarticles.in/gears-of-war-ep1-vulnhub-walkthrough/)|\r\n|9. |[DC:9](https://www.hackingarticles.in/dc-9-vulnhub-walkthrough/)|\r\n|10. |[Sahu](https://www.hackingarticles.in/sahu-vulnhub-walkthrough/)|\r\n|11. |[Sunset: Twilight](https://www.hackingarticles.in/sunset-twilight-vulnhub-walkthrough/)|\r\n|12. |[Chili:1](https://www.hackingarticles.in/chili-1-vulnhub-walkthrough/)|\r\n\r\n\u003ca name=\"root\"\u003e\u003c/a\u003e\r\n## Writable files or script [⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1.\t |[Skydog](https://www.hackingarticles.in/hack-skydog-vm-ctf-challenge/)|\r\n|2.\t |[Breach 1.0](https://www.hackingarticles.in/hack-breach-1-0-vm-ctf-challenges/)|\r\n|3.\t |[Bot Challenge: Dexter](https://www.hackingarticles.in/hack-bot-challenge-dexter-boot2root-challenge/)|\r\n|4.\t |[Fowsniff : 1](https://www.hackingarticles.in/fowsniff-1-vulnhub-walkthrough/)|\r\n|5.\t |[Mercy](https://www.hackingarticles.in/mercy-vulnhub-walkthrough/)|\r\n|6.\t |[Casino Royale](https://www.hackingarticles.in/casino-royale-1-vulnhub-walkthrough/)|\r\n|7.\t |[SP eric](https://www.hackingarticles.in/sp-eric-vulnhub-lab-walkthrough/)|\r\n|8.\t |[PumpkinGarden](https://www.hackingarticles.in/pumpkingarden-vulnhub-walkthrough/)|\r\n|9.\t |[Tr0ll: 3](https://www.hackingarticles.in/tr0ll-3-vulnhub-walkthrough/)|\r\n|10. |[Nezuko:1](https://www.hackingarticles.in/nezuko-1-vulnhub-walkthrough/)|\r\n|11. |[Symfonos:3](https://www.hackingarticles.in/symfonos3-vulnhub-walkthrough/)|\r\n|12. |[Tr0ll 1](https://www.hackingarticles.in/hack-the-troll-1-vm-boot-to-root/)|\r\n|13. |[DC:7](https://www.hackingarticles.in/dc7-vulnhub-walkthrough/)|\r\n|14. |[View2aKill](https://www.hackingarticles.in/view2akill-vulnhub-walkthrough/)|\r\n|15. |[CengBox:1](https://www.hackingarticles.in/cengbox-1-vulnhub-walkthrough/)|\r\n|16. |[Broken 2020: 1](https://www.hackingarticles.in/broken-2020-1-vulnhub-walkthrough/)|\r\n|17. |[CengBox:2](https://www.hackingarticles.in/cengbox-2-vulnhub-walkthrough/)|\r\n|18. |[HA:Narak](https://www.hackingarticles.in/ha-narak-vulnhub-walkthrough/)|\r\n\r\n\u003ca name=\"buffer\"\u003e\u003c/a\u003e\r\n## Buffer Overflow [⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1.\t |[Tr0ll 2](https://www.hackingarticles.in/hack-the-tr0ll-2-boot2root-challenge/)|\r\n|2.\t |[IMF](https://www.hackingarticles.in/hack-imf-vm-ctf-challenge/)|\r\n|3.\t |[BSides London 2017](https://www.hackingarticles.in/hack-the-bsides-london-vm-2017boot2root/)|\r\n|4.\t |[PinkyPalace](https://www.hackingarticles.in/hack-the-pinkypalace-vm-ctf-challenge/)|\r\n|5.\t |[ROP Primer](https://www.hackingarticles.in/hack-the-rop-primer-1-0-1-ctf-challenge/)|\r\n|6. |[CTF KFIOFAN:2](https://www.hackingarticles.in/ctf-kfiofan-2-vulnhub-walkthorugh/)|\r\n|7. |[Kioptrix : Level 1](https://www.hackingarticles.in/hack-the-kioptrix-level-1/)|\r\n|8. |[Silky-CTF: 0x02](https://www.hackingarticles.in/silky-ctf-0x02-vulhub-walkthrough/)|\r\n\r\n\r\n\u003ca name=\"docker\"\u003e\u003c/a\u003e\r\n## Docker [⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1.\t |[Donkey Docker](https://www.hackingarticles.in/hack-donkeydocker-ctf-challenge/)|\r\n|2.\t |[Game of Thrones](https://www.hackingarticles.in/hack-game-thrones-vm-ctf-challenge/)|\r\n|3.\t |[HackinOS:1](https://www.hackingarticles.in/hackinos1-vulnhub-lab-walkthrough/)|\r\n|4. |[HA: Chakravyuh](https://www.hackingarticles.in/ha-chakravyuh-vulnhub-walkthrough/)|\r\n|5. |[Mumbai:1](https://www.hackingarticles.in/mumbai1-vulnhub-walkthrough/)|\r\n|6. |[Sunset:dusk](https://www.hackingarticles.in/sunset-dusk-vulnhub-walkthrough/)|\r\n|7. |[Pwned:1](https://www.hackingarticles.in/pwned-1-vulnhub-walkthorugh/)|\r\n\r\n\u003ca name=\"chkrootkit\"\u003e\u003c/a\u003e\r\n## Chkrootkit [⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1. |[SickOS 1.2](https://www.hackingarticles.in/hack-the-sickos-1-2-vm-ctf-challenge/)|\r\n|2. |[Sedna](https://www.hackingarticles.in/hack-sedna-vm-ctf-challenge/)|\r\n|3. |[HA: Chanakya](https://www.hackingarticles.in/ha-chanakya-vulnhub-walkthrough/)|\r\n|4. |[Sunset: decoy](https://www.hackingarticles.in/sunset-decoy-vulnhub-walkthrough/)|\r\n\r\n\u003ca name=\"bruteforce\"\u003e\u003c/a\u003e\r\n## Bruteforce [⤴](#table-of-contents) \r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1. |[Rickdiculouslyeasy](https://www.hackingarticles.in/hack-rickdiculouslyeasy-vm-ctf-challenge/)|\r\n|2. |[RootThis : 1](https://www.hackingarticles.in/vulnhub-rootthis-1-walkthrough/)|\r\n|3. |[LAMPSecurity: CTF 8](https://www.hackingarticles.in/hack-the-lampsecurity-ctf8-ctf-challenge-2/)|\r\n|4. |[Cyberry:1](https://hackingarticles.in/hack-vm-cyberry-1boot2root-challenge/)|\r\n|5.\t |[Born2root](https://www.hackingarticles.in/hack-born2root-vm-ctf-challenge/) |\r\n\r\n\u003ca name=\"shadow\"\u003e\u003c/a\u003e\r\n## Crack /etc/shadow [⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1. |[DE-ICE:S1.140](https://www.hackingarticles.in/hack-the-de-ice-s1-140-boot-to-root/)|\r\n|2. |[Minotaur](https://www.hackingarticles.in/hack-minotaur-vm-ctf-challenge/)|\r\n|3. |[Moonraker:1](https://www.hackingarticles.in/moonraker1-vulnhub-walkthrough/)|\r\n|4. |[Basic Penetration](https://www.hackingarticles.in/hack-the-basic-penetration-vm-boot2root-challenge/)|\r\n|5. |[W1R3S.inc](https://www.hackingarticles.in/hack-the-w1r3s-inc-vm-ctf-challenge/)|\r\n\r\n\u003ca name=\"nfs\"\u003e\u003c/a\u003e\r\n## NFS [⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1. |[Orcus](https://www.hackingarticles.in/hack-orcus-vm-ctf-challenge/)|\r\n|2. |[FourAndSix](https://www.hackingarticles.in/hack-the-fourandsix-ctf-challenge/)|\r\n\r\n\u003ca name=\"json\"\u003e\u003c/a\u003e\r\n## Json [⤴](#table-of-contents)\r\n| No | Machine Name |Json|\r\n|----|-----------------------------------------------------------------------------------------|-------|\r\n|1. |[MinU: 1](https://www.hackingarticles.in/hack-the-minu-1-ctf-challenge/)| Json Token|\r\n|2. |[Symfonos:4](https://www.hackingarticles.in/symfonos4-vulnhub-walkthrough/)| Json Pickle|\r\n\r\n\u003ca name=\"redis\"\u003e\u003c/a\u003e\r\n## Redis [⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1. |[Gemini inc:2](https://www.hackingarticles.in/hack-the-gemini-inc2-ctf-challenge/)|\r\n\r\n\u003ca name=\"lxd\"\u003e\u003c/a\u003e\r\n## LXD [⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1. |[AI: Web: 2](https://www.hackingarticles.in/ai-web-2-vulnhub-walkthrough/)|\r\n|2. |[HA: Joker](https://www.hackingarticles.in/ha-joker-vulnhub-walkthrough/)|\r\n|3. |[CyNix:1](https://www.hackingarticles.in/cynix1-vulnhub-walkthrough/)|\r\n\r\n\r\n\u003ca name=\"all\"\u003e\u003c/a\u003e\r\n## ALL [⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1. |[Lin.Security](https://www.hackingarticles.in/hack-the-lin-security-vm-boot-to-root/)|\r\n|2. |[Escalate_Linux](https://www.hackingarticles.in/escalate_linux-vulnhub-walkthrough-part-1/)|\r\n|3. |[Jigsaw:1](https://www.hackingarticles.in/jigsaw1-vulnhub-walkthrough/)|\r\n\r\n\u003ca name=\"Exim\"\u003e\u003c/a\u003e\r\n## Exim[⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n| 1. |[DC:8](https://www.hackingarticles.in/dc8-vulnhub-walkthrough/) |\r\n\r\n\u003ca name=\"apache2\"\u003e\u003c/a\u003e\r\n## Apache2 Writable [⤴](#table-of-contents)\r\n| No | Machine Name |\r\n|----|---------------------------------------------------------------------------------------------------------|\r\n|1.|[Torment](https://www.hackingarticles.in/digitalworld-localtorment-vulnhub-walkthrough/)|\r\n|2.|[HA: Armour](https://www.hackingarticles.in/ha-armour-walkthrough/)|\r\n|3.|[HA: Natraj](https://www.hackingarticles.in/ha-natraj-vulnhub-walkthrough/)\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fignitetechnologies%2Fprivilege-escalation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fignitetechnologies%2Fprivilege-escalation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fignitetechnologies%2Fprivilege-escalation/lists"}