HackTheBox Writeup Codify
Codify is an easy Linux machine that features a web application that allows users to test Node.js code. The application uses a vulnerable vm2 library, which is leveraged to gain remote code executi...
Redis Server No Password thm@ip-10-10-131-119:~$ ss -ltnp|grep 0.0.0.0 LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* LISTEN 0 128 0.0.0.0:22 0...
Beep has a very large list of running services, which can make it a bit challenging to find the correct entry method. This machine can be overwhelming for some as there are many potential attack ve...
Legacy is a fairly straightforward beginner-level machine which demonstrates the potential security risks of SMB on Windows. Only one publicly available exploit is required to obtain administrator ...
Info This CTF was held by Snyk, and it was mostly around Web challenges. My goal was to finish 10+ challenges. Summary Certificate Team scoreboard Personal Stats Personal Solves W...
Recon Nmap # Nmap 7.94 scan initiated Tue Oct 24 09:46:26 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/Clicker/results/clicker.htb/scans/_fu...
Forensics Trick or Treat Analyze malicious windows lnk file .\LECmd.exe -f "D:\kali-share\ctf\hacktheboo-2023\Trick or Treat\trick_or_treat\trick_or_treat.lnk" Name: Trick or treat Working D...
Notes Best score Tools Copilot General Prompt Jailbreak XXX Python packages pip install pycryptodome Crypto Hexoding Copilot can do this from base64 import b64decode HEX_...
Manager is a medium difficulty Windows machine which hosts an Active Directory environment with AD CS (Active Directory Certificate Services), a web server, and an SQL server. The foothold involves...
RedPanda is an easy Linux machine that features a website with a search engine made using the Java Spring Boot framework. This search engine is vulnerable to Server-Side Template Injection and can ...
Analytics is an easy difficulty Linux machine with exposed HTTP and SSH services. Enumeration of the website reveals a Metabase instance, which is vulnerable to Pre-Authentication Remote Code Execu...
Info What is Huntress CTF? Huntress CTF is a beginner-friendly CTF hosted by @JohnHammond and the Huntress team. This is a place where beginners can enjoy and learn things. The challen...
Visual is a Medium Windows machine featuring a web service that accepts user-submitted .NET 6.0 project repositories, building and returning the executables. By setting up a local Git repository co...
Sense, while not requiring many steps to complete, can be challenging for some as the proof of concept exploit that is publicly available is very unreliable. An alternate method using the same vuln...
Nibbles is a fairly simple machine, however with the inclusion of a login blacklist, it is a fair bit more challenging to find valid credentials. Luckily, a username can be enumerated and guessing ...