Soulmate is an easy difficulty Linux machine that showcases exploitation of CVE-2025-31161, an authentication bypass vulnerability in CrushFTP, allowing players to access an admin user account. By ...

Conversor is an easy-difficulty Linux machine featuring a web application that converts XML documents into visually formatted HTML documents using XSLT stylesheets. By registering an account and re...

Signed is a medium-difficulty Windows machine that demonstrates the exploitation of an MSSQL server by extracting the NTLMv2 hash of the service account running the instance and cracking the hash t...

Recon Hosts pt command is a custom pentest framework to manage hosts and variables, it is not required to reproduce the steps in this writeup ┌──(bravosec㉿fsociety)-[~/htb/DarkZero] └─$ pt ...

Imagery is a medium-difficulty Linux machine that involves gaining admin access via exploiting a blind XSS. With admin privileges, the attacker exploits arbitrary file read to read sensitive files ...

Expressway is an easy-difficulty Linux machine that demonstrates enumeration and exploits the IKE service, a component of the IPsec framework. Upon leaking the Pre-Shared key of the service and cra...

Previous is a medium-difficulty Linux machine that features a web application vulnerable to CVE-2025-29927, an authorization bypass vulnerability in the Next.js authentication middleware, allowing ...

CodePartTwo is an Easy Linux machine that features a vulnerable Flask-based web application. Initial web enumeration reveals a JavaScript code editor powered by a vulnerable version of js2py, which...

Editor is an easy-difficulty Linux machine that focuses on web application exploitation followed by local privilege escalation. Initial enumeration reveals a web application exposing an XWiki insta...

Strutted is an medium-difficulty Linux machine featuring a website for a company offering image hosting solutions. The website provides a Docker container with the version of Apache Struts that is ...

RustyKey is a hard difficulty Windows Machine which showcases a Timeroasting Attack, Active Directory ACL abuse following Windows Group Policy Enumeration to abuse the 7-Zip Shell Extension. For Pr...

Outbound is an easy-difficulty Linux machine with provided assumed breach credentials. The credentials provide access to a Roundcube instance, where the user can enumerate the version and utilize C...

Voleur is a medium difficulty Windows machine designed around an assumed breach scenario, where the attacker is provided with low-privileged user credentials. Start by cracking encrypted excel shee...

Haze is a hard difficulty Windows machine focused on web exploitation, domain abuse, and Windows privilege escalation. Initial access is gained by exploiting a Splunk Arbitrary File Read (CVE-2024-...

Artificial is an easy-difficulty Linux machine that showcases exploiting a web application used to run AI models with Tensorflow and the Backrest web UI by abusing the backup and restore functional...