Scribd
Upload
25 views2 pages

Vulnhub

Uploaded by

Manthan Sharma
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
25 views2 pages

Vulnhub

Uploaded by

Manthan Sharma
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

Quick Rant

What you find "hard", other people may find "easy" and vice versa.
It all depends on your background experience. What have you been expose to
previously. This defines your current skill level.

To expand your skill set, you need to be able to solve problems.


A very handy skill to learn, is to how to troubleshoot correctly.

Which soon turns towards how to "Search the Internet" efficiently.


(Which may sound like an old joke, but the amount of times people who will say "Ive
tried/searched everything", which may end up be a single too generic/Pacific phrase
and clicked the first link (or skimmed over the first three), without reading the
manual/documentation as they would rather watch on YouTube.

There is also a lot of trying. A lot of failing. A lot of repeating. A lot of


experimenting.
...If there wasn't, it would not be fun. You wouldn't learn anything. You wouldn't
improve.

With all of this being said, its not easy to define what a challenge should be set
at. Below is our take on the matter.
This doesn't mean its correct. Hopefully it can help.

Something to keep in mind, over time, the difficulty may change. This could be
because there are tools developed to make it easier, new techniques discovered, as
well as unintentional vectors found.

And we are working on adding this into a filter/search on the main site, when v2 is
launched (No ETA).
Very Easy

Vulnerability types:

Brute force
No information needs to be gathered (able to guess) about the target
Singe vector for completing the machine
Software exploits where code is suitable out of the box (no
modifications/alterations required) (e.g. SearchSploit/Metasploit-Framework)
SQL injection

Often no need to escalate privileges, as already as the highest user (root access)
when getting initial access

Easy

Vulnerability types ("Very Easy" as well as the following):

Command injection
File inclusions
Hash cracking
Kernel exploits for privilege escalation
Very little amount of information needs to be gathered about the target

A single exploit to get initial access, another single exploit for privilege
escalation

Medium
Vulnerability types ("Very Easy + Easy" as well as the following):

Cross-Site scripting
Multiple vectors
Software exploits where code requires some modifications/alterations for it to
work (e.g. SearchSploit)
System administrator knowledge
Privilege escalation is required

In order to get root access, you may need to use a few vulnerabilities (short
chain)

Hard

Vulnerability types ("Very Easy + Easy + Medium" as well as the following):

Encryption
Harden/Defense enabled on the Operating System
No public software exploits
Pivoting
Time-based challenge limitations

In order to get initial & root access, having to chain multiple vulnerabilities
(long chain)

Very Hard

Vulnerability types ("Very Easy + Easy + Medium + Hard" as well as the following):

The Unknown

In order to get initial & root access, having to chain multiple vulnerabilities in
various different ways

You might also like