THM: Archangel is fun easy box that has involves one of my favorite techniques: escalating LFI to RCE by poisoning a log file. Once we have a shell we’ll take advantage of open permissions on a file running as cronjob to pivot to another user. And we’ll finish with a path injection attack to root the box.

Zeno is a medium difficulty Linux box with a vulnerable web application we’ll exploit to get a shell. With a bit more enumeration we’ll find credentials for a user account to get the first flag. Finally we’ll abuse a misconfiguration of a service file to escalate privileges to root.