PG Play - DriftingBlues6
In this lab, you will exploit Textpattern CMS 4.8.3, which is vulnerable to Remote Code Execution (RCE), to gain an initial foothold. You will then escalate privileges by leveraging a Dirty COW ker...
In this lab, you will exploit Textpattern CMS 4.8.3, which is vulnerable to Remote Code Execution (RCE), to gain an initial foothold. You will then escalate privileges by leveraging a Dirty COW ker...
This lab requires you to exploit an SQL Injection vulnerability in a monitoring web application to leak hashed credentials, crack them, and gain system access via SSH. Privilege escalation is achie...
In this lab, we exploit an authenticated remote code execution vulnerability in the Nagios XI monitoring software. The application is misconfigured to run with root privileges, allowing us to escal...
The target is compromised via Remote Code Execution (RCE) in CuteNews v2.1.2 through a vulnerable avatar upload feature. Privilege escalation is achieved by abusing SUID permissions on /usr/sbin/hp...
BoardLight is an easy difficulty Linux machine that features a Dolibarr instance vulnerable to CVE-2023-30253. This vulnerability is leveraged to gain access as www-data. After enumerating and dump...
SolarLab is a medium Windows machine that starts with a webpage featuring a business site. Moreover, an SMB share is accessible using a guest session that holds files with sensitive information for...
Mailing is an easy Windows machine that runs hMailServer and hosts a website vulnerable to Path Traversal. This vulnerability can be exploited to access the hMailServer configuration file, revealin...
Runner is a medium difficulty Linux box that contains a vulnerability (CVE-2023-42793) in TeamCity. This vulnerability allows users to bypass authentication and extract an API token, which can be u...
IClean is a medium-difficulty Linux machine featuring a website for a cleaning services company. The website contains a form where users can request a quote, which is found to be vulnerable to Cros...
Usage is an easy Linux machine that features a blog site vulnerable to SQL injection, which allows the administrator's hashed password to be dumped and cracked. This leads to access to...
Headless is an easy-difficulty Linux machine that features a Python Werkzeug server hosting a website. The website has a customer support form, which is found to be vulnerable to blind Cross-Site S...
Perfection is an easy Linux machine that features a web application with functionality to calculate student scores. This application is vulnerable to Server-Side Template Injection (SSTI) via regex...
Office is a hard-difficulty Windows machine featuring various vulnerabilities including Joomla web application abuse, PCAP analysis to identify Kerberos credentials, abusing LibreOffice macros afte...
Crafty is an easy-difficulty Windows machine featuring the exploitation of a Minecraft server. Enumerating the version of the server reveals that it is vulnerable to pre-authentication Remote Code ...
Magic is an easy difficulty Linux machine that features a custom web application. A SQL injection vulnerability in the login form is exploited, in order to bypass the login and gain access to an up...