Socket is a Medium Difficulty Linux machine that features reversing a Linux/Windows desktop application to get its source code, from where an SQL injection in its web socket service is discovered. ...

Inject is an Easy Difficulty Linux machine featuring a website with file upload functionality vulnerable to Local File Inclusion (LFI). By exploiting the LFI vulnerability, files on the system can ...

Ambassador is a medium difficulty Linux machine addressing the issue of hard-coded plaintext credentials being left in old versions of code. Firstly, a Grafana CVE ( CVE-2021-43798) is used to read...

UpDown is a medium difficulty Linux machine with SSH and Apache servers exposed. On the Apache server a web application is featured that allows users to check if a webpage is up. A directory named ...

Squashed is an Easy Difficulty Linux machine that features a combination of both identifying and leveraging misconfigurations in NFS shares through impersonating users. Additionally, the box incorp...

Precious is an Easy Difficulty Linux machine, that focuses on the Ruby language. It hosts a custom Ruby web application, using an outdated library, namely pdfkit, which is vulnerable to CVE-2022-25...

https://tryhackme.com/room/mrrobot Information Gathering Nmap ┌──(root㉿kali)-[~] └─# nmap -sV -sC -Pn -T4 -p- mrrobot.thm -oA mr_robot Nmap scan report for mrrobot.thm (10.10.17.96) Host is ...

Shoppy is an easy Linux machine that features a website with a login panel and a user search functionality, which is vulnerable to NoSQL injection. It can be exploited to obtain the password hashes...

https://tryhackme.com/room/bsidesgtthompson Enum root@ip-10-10-247-45:~# nmap -sV -sC -Pn 10.10.123.79 -oA thompson Starting Nmap 7.60 ( https://nmap.org ) at 2023-01-02 05:41 GMT Nmap scan rep...

Info Other CTFs from various sources Forensics Keys to the kingdom Info https://ghosttown.deadface.io/ Objective Extract image from pcap Solve Get an insight via network miner Ima...

Photobomb is an easy Linux machine where plaintext credentials are used to access an internal web application with a Download functionality that is vulnerable to a blind command injection. Once a f...

Soccer is an easy difficulty Linux machine that features a foothold based on default credentials, forfeiting access to a vulnerable version of the Tiny File Manager, which in turn leads to a revers...

Notes Only some scripts were noted (I was a super newbie at then) https://github.com/opabravo/balsn-ctf-2022