
Access
Introduction In this walkthrough, I tackled Access, an easy-level Windows machine that demonstrates how devices tied to physical security can have poor digital security hygiene. I started by conne...

Introduction In this walkthrough, I tackled Flight, a challenging Windows machine that begins with a web application hosted on two virtual domains. I discovered that one of the virtual hosts was v...

Introduction In this walkthrough, I explore Arctic, an easy-level Windows machine with a relatively simple exploitation path. I began by analyzing the web server’s behavior and pinpointing a vulne...

Introduction In this walkthrough, we target a support ticketing system running on the machine, which uses default credentials. After logging in, we discover cleartext credentials within the interf...

Introduction In this walkthrough, we exploit the target by abusing an API functionality in a web application that lacks proper input validation. This flaw allows us to upload and execute a malicio...

Introduction In this walkthrough, we explore Giddy, a medium-difficulty Windows machine that demonstrates how a low-privileged SQL Server login can be leveraged to compromise the SQL Server servic...

Introduction In this walkthrough, we exploit an authenticated remote code execution (RCE) vulnerability in Gitea version 1.7.5 to gain an initial foothold on the target machine. After successful e...

Introduction In this walkthrough, we target a vulnerable instance of rConfig to achieve remote code execution. By leveraging a known vulnerability in the application, we are able to upload a malic...

Introduction In this walkthrough, we exploit Magic, an easy-difficulty Linux machine hosting a custom web application. The initial attack vector is a SQL injection vulnerability in the login form,...

Introduction In this walkthrough, I exploited Querier, a medium-difficulty Windows machine. Initial enumeration revealed a world-readable SMB share containing an Excel spreadsheet with macros. Upo...