Irked is a pretty simple and straight-forward box which requires basic enumeration skills. It shows the need to scan all ports on machines and to investigate any out of the place binaries found whi...

Cascade is a medium difficulty Windows machine configured as a Domain Controller. LDAP anonymous binds are enabled, and enumeration yields the password for user r.thompson, which gives access to a ...

Web dicedicegoose Info Foothold Given a game to let the dice (aka player) chase the black block (aka goose) The game was written in javascript at front end The player and goose’s position...

Pov is a medium Windows machine that starts with a webpage featuring a business site. Enumerating the initial webpage, an attacker is able to find the subdomain dev.pov.htb. Navigating to the newly...

Recon ┌──(bravosec㉿fsociety)-[~/thm/Umbrella] └─$ pt init '10.10.104.119 Umbrella' +----------+--------+---------------+----------+ | PROFILE | STATUS | IP | DOMAIN | +----------+---...

Bastard is not overly challenging, however it requires some knowledge of PHP in order to modify and use the proof of concept required for initial entry. This machine demonstrates the potential seve...

CronOS focuses mainly on different vectors for enumeration and also emphasises the risks associated with adding world-writable files to the root crontab. This machine also includes an introductory-...

Monitored is a medium-difficulty Linux machine that features a Nagios instance. Credentials for the service are obtained via the SNMP protocol, which reveals a username and password combination pro...

OpenAdmin is an easy difficulty Linux machine that features an outdated OpenNetAdmin CMS instance. The CMS is exploited to gain a foothold, and subsequent enumeration reveals database credentials. ...

Bizness is an easy Linux machine showcasing an Apache OFBiz pre-authentication, remote code execution (RCE) foothold, classified as [CVE-2023-49070](https://nvd.nist.gov/vuln/detail/CVE-2023-49070)...

Learnt / Summary Recon ┌──(bravosec㉿fsociety)-[~/pgplay/Stapler] └─$ pt init '192.168.205.148 stapler' +---------+--------+-----------------+---------+ | PROFILE | STATUS | IP ...

Learnt / Summary blindly fuzzing parameters won’t work for some cases, make sure to put the right value for different purposes (such as /etc/passwd) Recon ┌──(bravosec㉿fsociety)-[~/pgplay/DC...

Learnt / Summary Stick to the basic, search for public exploits first if any banner/version info found When phpmyadmin is accessible, try all default creds Just try to insert/update user da...

Intelligence is a medium difficulty Windows machine that showcases a number of common attacks in an Active Directory environment. After retrieving internal PDF documents stored on the web server (b...

StreamIO is a medium machine that covers subdomain enumeration leading to an SQL injection in order to retrieve stored user credentials, which are cracked to gain access to an administration panel....