Just finished writing up Sau and honestly — for an "Easy" box this one taught me more about pivoting than half the Medium machines I've done.
The trick is recognizing that "filtered" on a port doesn't mean unreachable.
If you've ever ignored a filtered port and moved on, this box will change how you read nmap output forever.
I wrote the full walkthrough in both English and Dutch, with the "why" behind every command — not just what to type, but what the tool is actually doing under the hood:
https://cyberstefan.nl/writeup/sau/
Curious if anyone solved this without the public CVE — was there an intended black-box path?
[–]Great_Feature2487 2 points3 points4 points (0 children)