Not a Pentester Academy student? Try our Free Communitiy Labs
Nginx, even though young by World Wide Web years, is as popular as Apache today. In this series of challenges, we hope to explore how attackers can exploit webapps running on Nginx arising due to server misconfigurations and/or application vulnerabilities. Take a look at the scenario below:
The target server has not been properly secured against arbitrary file upload and execution vulnerability. In addition to that, the server is vulnerable to a well known privilege escalation vulnerability CVE-2016-1247
Objective: Your objective is to upload a web shell, execute arbitrary commands on the server as root and retrieve the flag!
- Using automated scanners
- Using brute force attacks
- Denial of Service attacks
- Attacking the lab infrastructure
Users violating the above will be either temporarily or permanently banned from the website.
Technical Support for this Lab:
We currently provide technical support limited to:
- Giving hints for a lab exercise
- A lab exercise fails to load or has errors in it