GoodGames is an Easy linux machine that showcases the importance of sanitising user inputs in web applications to prevent SQL injection attacks, using strong hashing algorithms in database structur...

Sauna is an easy difficulty Windows machine that features Active Directory enumeration and exploitation. Possible usernames can be derived from employee full names listed on the website. With these...

Recon Nmap User www-data@ubuntu-bionic:/var/www/html$ cat /home/www-data/.../look.txt Super Secure Password => ctfbros:WTBCT1dUQjFVR3hBZVZSb0lYTmpWR1kv ┌──(bravosec㉿fsociety)-[~/thm/An...

Snoopy is a Hard Difficulty Linux machine that involves the exploitation of an LFI vulnerability to extract the configuration secret of Bind9. The obtained secret allows the redirection of the mail...

Topology is an Easy Difficulty Linux machine that showcases a LaTeX web application susceptible to a Local File Inclusion (LFI) vulnerability. Exploiting the LFI flaw allows for the retrieval of an...

Recon ┌──(bravosec㉿fsociety)-[~/thm/Wekor] └─$ writehosts thm '10.10.249.113 wekor.thm site.wekor.thm' +---------+--------+---------------+----------------+ | PROFILE | STATUS | IP | ...

Optimum is a beginner-level machine which mainly focuses on enumeration of services with known exploits. Both exploits are easy to obtain and have associated Metasploit modules, making this machine...

Wifinetic is an easy difficulty Linux machine which presents an intriguing network challenge, focusing on wireless security and network monitoring. An exposed FTP service has anonymous authenticati...

Intro Only played a little for this my_first_pwnie Info You must be this 👉 high to ride. Author: ElykDeer Connect with: nc intro.csaw.io 31137 Solve ┌──(bravosec㉿fsociety)-[/media/sf...

Recon Nmap # Nmap 7.94 scan initiated Sat Sep 16 20:47:16 2023 as: nmap -sVC -T4 -Pn -vv -oA ./nmap/full_tcp_scan -p 22,80 10.10.88.25 Nmap scan report for 10.10.88.25 Host is up, received user...

Summary Certificate Statistic Challenges Web Pick Your Starter Info Picking a starter is hard, I hope you can do it. Flag format: PCTF{} Author: @angr404 http://chal...

CozyHosting is an easy-difficulty Linux machine that features a Spring Boot application. The application has the Actuator endpoint enabled. Enumerating the endpoint leads to the discovery of a user...

Zipping is a medium-difficulty Linux machine that features a variety of attack vectors. This machine starts off by identifying a file upload capability within the web application that is vulnerable...

Summary Certificate Statistics My Solves Osint Excellent Vista! Info What a nice spot to stop,lookout and watch time go by, EXAMINE the image and discover where this was taken. NOTE...

https://tryhackme.com/room/lessonlearned Info This is a relatively easy machine that tries to teach you a lesson, but perhaps you’ve already learned the lesson? Let’s find out. Treat this box a...