
EscapeTwo
Introduction EscapeTwo is an easy difficulty Windows Active Directory machine focused on chained misconfigurations leading to domain compromise. The scenario starts with provided credentials for a...

Introduction CozyHosting is an easy-difficulty Linux machine featuring a vulnerable Spring Boot application with the Actuator endpoint exposed. By enumerating this endpoint, a user session cookie ...

Introduction Poison is an easy-rated Linux machine that begins with a classic Local File Inclusion (LFI) vulnerability. I exploited the LFI via log poisoning, injecting PHP code into the logs and ...

Introduction On the easy-rated Linux machine BoardLight, I discovered a Dolibarr application vulnerable to CVE-2023-30253 (XSS leading to RCE). Exploiting it granted me a shell as www-data. By ins...

Introduction On the medium-difficulty Windows domain machine Administrator, I started with low-privileged user credentials. Enumerating ACLs revealed that olivia had GenericAll permissions on mich...

Introduction While working on the hard-rated Windows machine Backfield, I began by accessing an SMB share anonymously, which let me enumerate domain users. I identified a user account with Kerbero...

Introduction In this guide, I worked on an easy-rated Linux machine named Busqueda. I started by exploiting a command injection vulnerability in a Python module, which gave me initial access as a ...

Introduction In this guide, I exploited a vulnerable file upload feature in combination with a Local File Inclusion (LFI) vulnerability to upload a crafted malicious .php file and access it using ...

Introduction In this guide, I targeted a Windows machine named Love, which hosts a vulnerable voting system application. During port scanning, I discovered a service running on port 5000, but dire...

Introduction In this walkthrough, I tackled Cicada, an easy Windows machine focused on Active Directory enumeration and privilege escalation. I began by enumerating the domain and identifying vali...