Network Break-In
Description:
You have been hired as a penetration tester for a small company. Your task is to find vulnerabilities in their network and report them to the company so that they can fix them. The network consists of the following systems:
1 Linux machine with a web API that serves customer data
2 Windows 10 machines that run different applications
1 Windows Server that serves as the domain controller for the entire network
Objective:
The objective of this challenge is to compromise the domain controller, which would give you access to the entire network.
Hints:
Start by examining the web API running on the Linux machine
Try to find a vulnerability that would allow you to access sensitive data
Once you have access to the sensitive data, try to use it to pivot to the Windows 10 machines
Finally, try to find a way to escalate your privileges and compromise the domain controller
Scoring:
Accessing the sensitive data on the Linux machine API (100 points)
Compromising one of the Windows 10 machines (200 points)
Compromising the domain controller (500 points)
Final Note:
The challenge is set up in a simulated environment and does not reflect any real-world network setup.
The challenge is for educational purposes only and should not be used for malicious activities.
Last updated