Introduction Poison is an easy-rated Linux machine that begins with a classic Local File Inclusion (LFI) vulnerability. I exploited the LFI via log poisoning, injecting PHP code into the logs and ...

Introduction On the easy-rated Linux machine BoardLight, I discovered a Dolibarr application vulnerable to CVE-2023-30253 (XSS leading to RCE). Exploiting it granted me a shell as www-data. By ins...

Introduction On the medium-difficulty Windows domain machine Administrator, I started with low-privileged user credentials. Enumerating ACLs revealed that olivia had GenericAll permissions on mich...

Introduction While working on the hard-rated Windows machine Backfield, I began by accessing an SMB share anonymously, which let me enumerate domain users. I identified a user account with Kerbero...

Introduction In this guide, I worked on an easy-rated Linux machine named Busqueda. I started by exploiting a command injection vulnerability in a Python module, which gave me initial access as a ...

Introduction In this guide, I exploited a vulnerable file upload feature in combination with a Local File Inclusion (LFI) vulnerability to upload a crafted malicious .php file and access it using ...

Introduction In this guide, I targeted a Windows machine named Love, which hosts a vulnerable voting system application. During port scanning, I discovered a service running on port 5000, but dire...

Introduction In this walkthrough, I tackled Cicada, an easy Windows machine focused on Active Directory enumeration and privilege escalation. I began by enumerating the domain and identifying vali...

Introduction In this walkthrough, I tackled the ServMon machine, an easy-rated Windows target. The HTTP server was running NVMS-1000, which was vulnerable to a Local File Inclusion (LFI) vulnerabi...

Introduction In this walkthrough, I tackled the Buff machine, which had an exposed Gym Management System 1.0 vulnerable to unauthenticated remote code execution. I exploited this flaw to gain init...