
Cheese CTF
Inspired by the great cheese talk of THM!

Bob has since joined the CERT team and developed a nifty new site. Is there more than meets the eye?

I started by scanning "BoardLight," found a vulnerable web app, and used CVE-2023-30253 to gain initial access. I escalated privileges by using exposed database credentials, then exploited a SUID binary vulnerability (CVE-2022-37706) to get root and capture the flag.

Exploiting CVE-2023-4220 in the Chamilo LMS to gain remote code execution via an unauthenticated file upload. After initial access, the attack leverages a symlink attack on a vulnerable ACL script to escalate privileges and gain root access, capturing both user and root flags.

A vulnerable web environment with flaws in Pluck CMS and Gitea, leading to information disclosure, RCE, and privilege escalation. Exploit weak hashes and uncover hidden data to gain control.

Welcome to the web application of U.A., the Superhero Academy.