<aside> 💡

My personal write-up for the Standoff Hackbase Bootcamp challenge

• The bootcamp is part of the qualification process for Standoff 16, where participants compete as part of the Red Team
• The points captured during the qualification phase are counted towards eligibility for the Final Standoff 16 event.
• At the same time, the bootcamp provides hands-on exposure to the Standoff cyber range, giving participants valuable experience that will help during the actual battle.

Standoff Hackbase Site

Standoff Hackbase

</aside>

[web-1-1] Remote code execution (RCE) on library.edu.stf

[web-1-2] Local privilege escalation (LPE) on library.edu.stf

[web-2-1] Local file inclusion (LFI) on www.edu.stf

[web-2-2] Remote Code Execution on www.edu.stf

[web-2-3] Local privilege escalation (LPE) on www.edu.stf

[web-3-1] Server-side request forgery (SSRF) on utils.edu.stf

[web-3-2] Remote code execution (RCE) on utils.edu.stf

[web-4] Remote code execution (RCE) on shop.edu.stf

[web-5] SQL injection (SQLi) on tokenizer.edu.stf

[web-6] Remote code execution (RCE) on smashmusic.edu.stf

[web-7] Remote code execution (RCE) on test-webserver.edu.stf

[web-8] Remote code execution (RCE) on gallery.edu.stf

[web-9] Remote code execution (RCE) on wp.edu.stf

[web-10] Remote code execution (RCE) on calculator.edu.stf

[infra-1] External reconnaissance

[infra-2] Obtaining access to the internal mail