# Hits & Summary

| **Name**                         | **Skill**                            | **Initial Flag**                                                                | **Root Privilege**                                  |
| -------------------------------- | ------------------------------------ | ------------------------------------------------------------------------------- | --------------------------------------------------- |
| Ready - Linux (Medium)           | <p>CVE + </p><p>Docker Container</p> | CVE - RCE                                                                       | Docker Container Escape                             |
| Blackfield - Windows (Hard)      | AD Enum                              | <p>Kerberos pre-authentication + </p><p>Less.dmp analysis +</p><p>NTLM hash</p> | Using the backup account to gain access to NTDS.dit |
| Love - Windows (Easy)            | PHP exploit, Windows PE              | PHP exploit                                                                     | Windows PE - **AlwaysInstallElevated Policy**       |
| <p>CAP - Linux </p><p>(Easy)</p> | Wireshark + Linux PE (SUID)          | pcap analysis - FTP password disclosed                                          | SUID (Capabilities )                                |
| BountyHunter - Linux (Easy)      | XXE + python hacking                 | XXE                                                                             | Sudo, with python hacking script                    |
|                                  |                                      |                                                                                 |                                                     |