Monitored is a medium-difficulty Linux machine that features a Nagios instance. Credentials for the service are obtained via the SNMP protocol, which reveals a username and password combination pro...

OpenAdmin is an easy difficulty Linux machine that features an outdated OpenNetAdmin CMS instance. The CMS is exploited to gain a foothold, and subsequent enumeration reveals database credentials. ...

Bizness is an easy Linux machine showcasing an Apache OFBiz pre-authentication, remote code execution (RCE) foothold, classified as [CVE-2023-49070](https://nvd.nist.gov/vuln/detail/CVE-2023-49070)...

Learnt / Summary Recon ┌──(bravosec㉿fsociety)-[~/pgplay/Stapler] └─$ pt init '192.168.205.148 stapler' +---------+--------+-----------------+---------+ | PROFILE | STATUS | IP ...

Learnt / Summary blindly fuzzing parameters won’t work for some cases, make sure to put the right value for different purposes (such as /etc/passwd) Recon ┌──(bravosec㉿fsociety)-[~/pgplay/DC...

Learnt / Summary Stick to the basic, search for public exploits first if any banner/version info found When phpmyadmin is accessible, try all default creds Just try to insert/update user da...

Intelligence is a medium difficulty Windows machine that showcases a number of common attacks in an Active Directory environment. After retrieving internal PDF documents stored on the web server (b...

StreamIO is a medium machine that covers subdomain enumeration leading to an SQL injection in order to retrieve stored user credentials, which are cracked to gain access to an administration panel....

Flight is a hard Windows machine that starts with a website with two different virtual hosts. One of them is vulnerable to LFI and allows an attacker to retrieve an NTLM hash. Once cracked, the obt...

ServMon is an easy Windows machine featuring an HTTP server that hosts an NVMS-1000 (Network Surveillance Management Software) instance. This is found to be vulnerable to LFI, which is used to read...

Jeeves is not overly complicated, however it focuses on some interesting techniques and provides a great learning experience. As the use of alternate data streams is not very common, some users may...

Pandora is an easy rated Linux machine. The port scan reveals a SSH, web-server and SNMP service running on the box. Initial foothold is obtained by enumerating the SNMP service, which reveals clea...

API IWCON 2023 API Solve Foothold The challenge provided a postman collection file cat IWCON_2023_API.postman_collection.json | jq . It includes 2 endpoints {{baseURL}}/api/v2/getUser?usern...

Surveillance is a medium-difficulty Linux machine that showcases a vulnerability ([CVE-2023-41892](https://nvd.nist.gov/vuln/detail/CVE-2023-41892)) in Craft CMS, which abuses PHP object injection ...

Tabby is a easy difficulty Linux machine. Enumeration of the website reveals a second website that is hosted on the same server under a different vhost. This website is vulnerable to Local File Inc...