Privilege Escalation Challenge Box (Linux)

Privilege Escalation Challenge Box — Linux

Virtual machine with 20 vectors of privilege escalation:

n
• SUID/SGID (4 vectors) — Binarios custom with SUID, GTFOBins classics, shared library hijacking.
n
• Sudo misconfig (3 vectors) — NOPASSWD in binarios explotables, sudo version exploit, env_keep abuse.
n
• Cron jobs (3 vectors) — Wildcard injection, writable script, PATH hijacking.
n
• Capabilities (2 vectors) — cap_setuid, cap_dac_read_search in binarios inesperados.
n
• Kernel (2 vectors) — DirtyPipe (CVE-2022-0847), DirtyCow for kernels legacy.
n
• Container escape (2 vectors) — Docker socket mount, privileged container breakout.
n
• Misc (4 vectors) — NFS no_root_squash, writable /etc/passwd, Python library hijacking, systemd timer abuse.
n
• Includes: OVA importsble, 20 flags, writeup by vector, script of reset.
n