
Blackfield
Introduction While working on the hard-rated Windows machine Blackfield, I began by accessing an SMB share anonymously, which let me enumerate domain users. I identified a user account with Kerbero...
Introduction In this guide, I worked on an easy-rated Linux machine named Busqueda. I started by exploiting a command injection vulnerability in a Python module, which gave me initial access as a ...
Introduction In this guide, I exploited a vulnerable file upload feature in combination with a Local File Inclusion (LFI) vulnerability to upload a crafted malicious .php file and access it using ...
Introduction In this guide, I targeted a Windows machine named Love, which hosts a vulnerable voting system application. During port scanning, I discovered a service running on port 5000, but dire...
Introduction In this walkthrough, I tackled Cicada, an easy Windows machine focused on Active Directory enumeration and privilege escalation. I began by enumerating the domain and identifying vali...
Introduction In this walkthrough, I tackled the ServMon machine, an easy-rated Windows target. The HTTP server was running NVMS-1000, which was vulnerable to a Local File Inclusion (LFI) vulnerabi...
Introduction In this walkthrough, I tackled the Buff machine, which had an exposed Gym Management System 1.0 vulnerable to unauthenticated remote code execution. I exploited this flaw to gain init...
Introduction In this walkthrough, I worked on an intermediate-level Linux machine. Port 80 was open, and while exploring it, I discovered a virtual host running the Simple Online Planning Tool v1....
Introduction In this walkthrough, I identified that ports 22 and 80 were open on the target machine. Navigating to port 80, I discovered a phpinfo.php page, which disclosed the SPX version and its...
Introduction In this walkthrough, I tackled Jarvis, a medium-difficulty Linux machine. It starts with a web server that includes DoS and brute-force protection mechanisms. By identifying a manuall...