Lab Update: 35 CMS02 V2

Today we’ve updated lab machine 35 CMS02 to V2 on all the Virtual Hacking Labs lab environments as part of the VHL 2022 Lab Refresh. The V2 version of this Advanced+ level lab machine is now available on all lab environments and the lab dashboard.

What has changed?

The original CMS02 lab machine was introduced at the start of the Virtual Hacking Labs platform and could therefore use an update. For this lab machine we have updated the OS to mitigate a range of kernel vulnerabilities and also a few vulnerabilities affecting a large number of Linux distros. The intended exploitation path for version 1 of this machine involved exploitation of a kernel vulnerability for privilege escalation to root. As the kernel of version 2 has been updated this machine can no longer be completed using kernel exploits at the time of writing this post. The intended way for privilege escalation on CMS02 has been changed slightly.

What about the VHL Certificate of Completion?

It does not matter which version you submit in your report for the VHL Certificate of Completion, this can be the old version 1 or the new version 2 of CMS02. If you have already completed the old version of this machine you can complete it again if you like, but it is not mandatory.

Which Lab machine is next?

The next lab machine to get a refresh is 148 Code. We expect version 2 of this machine to be launched on all VHL lab environments in September 2022.