Ghoul
Ghoul
Ghoul 187
Ghoul
RETIRED MACHINE

Ghoul

Ghoul - Linux Linux
Ghoul - Hard Hard

3.6

MACHINE RATING

1185

USER OWNS

924

SYSTEM OWNS

04/05/2019

RELEASED
Created by MinatoTW & egre55

Machine Synopsis

Ghoul is a hard difficulty linux box which tests enumeration and situational awareness skills. A zip file upload form is found to be vulnerable to ZipSlip, which can be used to upload a shell to the web server. A few readable SSH keys are found on the box which can be used to gain shells as other users. A user is found to have access to another host on the network. The second host is found to have an older version of Gogs server running. A git repo found on the Gogs server is found to contain sensitive information, which can be used to gain a shell as root. An incoming SSH connection is found to be using SSH agent forwarding, and can be hijacked to gain root shell on the host.

Machine Matrix

Ready to start your
hacking journey?