Lab Update: 2 Lucky V2

Today we’ve updated lab machine 2 Lucky to V2 on all the Virtual Hacking Labs lab environments as part of the VHL 2022 Lab Refresh. The V2 version of this advanced level machine is now available on all lab environments and the lab dashboard.

What has changed?

The original Lucky lab machine was introduced at the start of the Virtual Hacking Labs platform and could therefore use an update. For this lab machine we have updated the OS to mitigate a range of kernel vulnerabilities and also a few vulnerabilities affecting a large number of Linux distros (such as CVE-2021-4034) and a well-known Samba vulnerability. The intended exploitation path for version 1 of this machine involved exploitation of a kernel vulnerability for privilege escalation to root. As the kernel of version 2 has been updated this machine can no longer be completed using kernel exploits at the time of writing this post. The new intended way for privilege escalation on Luck was also the reason to update the Privilege Escalation for Linux chapter with a new method involving loading shared libraries.

What about the VHL Certificate of Completion?

It does not matter which version you submit in your report for the VHL Certificate of Completion, this can be the old version 1 or the new version 2 of Lucky. If you have already completed the old version of this machine you can complete it again if you like, but it is not mandatory.

Which Lab machine is next?

The next lab machine to get a refresh is 35 – CMS02. We expect version 2 of this machine to be launched on all VHL lab environments in August 2022.