Lfi

The Evasion machine is vulnerable to LFI with filter bypass, session poisoning for RCE, crontab, and privilege escalation via sudo.

The application has vulnerabilities of Local File Inclusion (LFI), Remote Code Execution (RCE) via Jenkins, and privilege escalation using a SUID binary.

The Poisoning machine has an LFI vulnerability exploited with Log Poisoning for RCE execution, followed by privilege escalation using Python with cap_setuid+ep capability for root.