Scriptkiddie as the name suggests is a linux machine which hosts hacker tools for scanning and generating payloads. It begins by finidng metasploit vulnerability to gain foothold on the machine. There is a cronjob in the machine that is running a bash script. We take advantage of this script to gain a reverse shell as the user. The pwned user is able to run metasploit with superuser privileges which we execute bash to gain root access.

Tenet is a ctf like medium linux machine. It requires creative thinking and some guessing to obtain foothold on the machine. We begin by finding hidden wordpress blog. There is a comment in one of the blogs that gives out a hint for a subdomain and a php script source code. Upon looking at the php script source code, we see the script is vulnerable to php object deserialization.

Derpnstink 1 was a straight forward machine with some rabbitholes around the machine. It consisted finding hidden wordpress blog with outdated plugin that allows malicious file upload to obtain remote code execution. After obtaining foothold, there is a pcap traffic capture that contains user password. After switching to the user, the user is allowed to run binaries at a specific directory with sudo privilege.