Vulnhub Vulnix Walkthrough

by Vince

I'm surprised I didn't find this one sooner.  I was working my way through the Kioptrix series but alas, the final box is from a different hypervisor and while I was able to import it, I could not get networking to function.  One day I will set up another machine to work on these other systems but for now, I continue finding lists of must-do boxes.  Vulnix has been around for a while but I've never crossed paths with it.

This is a fun box.  It is probably more real-world than the CTF-style boxes because its vulnerability stems from a misconfiguration, which is more likely than you might think.


KeePass Password Manager Install Guide

by Vince

First, let me say that while I've used this password manager on occasion for various reasons, this is not what I use personally.  If we're making a recommendation, we like 1Password.  But if we're looking for a completely free password manager that doesn't require logging into a website, KeePass is a solid option.  It's a no-frills password manager that does exactly what you'd expect it to do -- store passwords.

As far as I can tell, KeePass doesn't have native browser integration although there are Chrome and Firefox extensions available.  I can't speak to their reliability or their security.  Assuming we're just trying to get off of Excel as our password manager and we just want to move to something a little more secure and robust, without further ado -- KeePass...


When Life Hands You Lemons

by Vince

I almost titled this blog something that would give away the exploit but then I realized someone might be passing by to get a hint.  Without giving away the privilege escalation -- the first time I used this exploit, I felt like a l33t h4xor.  I'm not.  I just felt like one because it's more than just compile, execute, root.  I've only used it a few times but I like it.  There's a quicker way to root this box but it's worth doing the longer way especially because it didn't go as planned and there's a slight modification that makes it work anyway.  

Continuing on with the Kioptrix Series, this is Kioptrix 1.3 (#4), the fourth from this author (group?).  This is a big jump up from the first three in terms of difficulty, IMO.
