Introduction On this intermediate-level PG practice Linux box, I discovered email-related ports (SMTP, IMAP, POP3) were open. Using SMTP user enumeration, I harvested valid usernames and then perf...

Introduction On this hard PG practice Linux box, I discovered a Cassandra Web interface vulnerable to Local File Inclusion (LFI). Using LFI, I extracted the FreeSWITCH event_socket password and ga...

Introduction On this intermediate-level PG Practice Linux box, I identified a vulnerable TeamCity instance. After enabling debug mode, I exploited it to gain a reverse shell. While enumerating, I ...

Introduction On this intermediate PG Practice Linux box, I discovered a vulnerable LimeSurvey instance, which I exploited to gain initial access. During enumeration, I found plaintext credentials ...

Introduction On this intermediate-level Linux machine from PG Practice, I identified a file upload vulnerability that, when chained with directory traversal and Local File Inclusion (LFI), allowed...

Introduction EscapeTwo is an easy difficulty Windows Active Directory machine focused on chained misconfigurations leading to domain compromise. The scenario starts with provided credentials for a...

Introduction CozyHosting is an easy-difficulty Linux machine featuring a vulnerable Spring Boot application with the Actuator endpoint exposed. By enumerating this endpoint, a user session cookie ...

Introduction Poison is an easy-rated Linux machine that begins with a classic Local File Inclusion (LFI) vulnerability. I exploited the LFI via log poisoning, injecting PHP code into the logs and ...

Introduction On the easy-rated Linux machine BoardLight, I discovered a Dolibarr application vulnerable to CVE-2023-30253 (XSS leading to RCE). Exploiting it granted me a shell as www-data. By ins...

Introduction On the medium-difficulty Windows domain machine Administrator, I started with low-privileged user credentials. Enumerating ACLs revealed that olivia had GenericAll permissions on mich...