
HackTheBox Writeup - Cap
Cap is an easy difficulty Linux machine running an HTTP server that performs administrative functions including performing network captures. Improper controls result in Insecure Direct Object Refer...
GreenHorn is an easy difficulty machine that takes advantage of an exploit in Pluck to achieve Remote Code Execution and then demonstrates the dangers of pixelated credentials. The machine also sho...
PermX is an Easy Difficulty Linux machine featuring a learning management system vulnerable to unrestricted file uploads via CVE-2023-4220. This vulnerability is leveraged to gain a foothold on the...
Editorial is an easy difficulty Linux machine that features a publishing web application vulnerable to Server-Side Request Forgery (SSRF). This vulnerability is leveraged to gain access to an inter...
Learnt / Summary Always write something in a test file… Recon Nmap # Nmap 7.94SVN scan initiated Sun Jun 16 01:37:11 2024 as: nmap -sVC --version-all -T4 -Pn -vv -oA ./nmap/full_tcp_scan -...
Learnt / Summary Instead of using plugin exploits recommended by wpscan, just get the plugin’s version then google to find most-used exploits Recon Hosts ┌──(bravosec㉿fsociety)-[~/Offsec/pg...
Learnt / Summary If the machine’s kernel is very old <=4.x and has gcc installed, it’s 90% kernel exploit for privesc Recon Nmap # Nmap 7.94SVN scan initiated Fri Jun 14 17:50:53 2024 ...
Learnt / Summary Couldn’t enumerate usernames? Check strings carefully on every web page that could be a person Identify database related functions, fuzz SQLI payloads bcrypt hash? Not cra...
Learnt / Summary Default credentials don’t work? Google the default username and brute force with default-credentials.txt Recon Nmap # Nmap 7.94SVN scan initiated Tue Jun 11 16:36:18 202...
Learnt / Summary Recon Nmap # Nmap 7.94SVN scan initiated Tue Jun 11 14:01:36 2024 as: nmap -sVC --version-all -T4 -Pn -vv -oA ./nmap/full_tcp_scan -p 22,80,88,110,995, 192.168.239.128 Wa...
BoardLight is an easy difficulty Linux machine that features a Dolibarr instance vulnerable to CVE-2023-30253. This vulnerability is leveraged to gain access as www-data. After enumerating and dump...
SolarLab is a medium Windows machine that starts with a webpage featuring a business site. Moreover, an SMB share is accessible using a guest session that holds files with sensitive information for...
Mailing is an easy Windows machine that runs hMailServer and hosts a website vulnerable to Path Traversal. This vulnerability can be exploited to access the hMailServer configuration file, revealin...
Runner is a medium difficulty Linux box that contains a vulnerability (CVE-2023-42793) in TeamCity. This vulnerability allows users to bypass authentication and extract an API token, which can be u...
IClean is a medium-difficulty Linux machine featuring a website for a cleaning services company. The website contains a form where users can request a quote, which is found to be vulnerable to Cros...