Introduction In this walkthrough, we explore Giddy, a medium-difficulty Windows machine that demonstrates how a low-privileged SQL Server login can be leveraged to compromise the SQL Server servic...

Introduction In this walkthrough, we exploit an authenticated remote code execution (RCE) vulnerability in Gitea version 1.7.5 to gain an initial foothold on the target machine. After successful e...

Introduction In this walkthrough, we target a vulnerable instance of rConfig to achieve remote code execution. By leveraging a known vulnerability in the application, we are able to upload a malic...

Introduction In this walkthrough, we exploit Magic, an easy-difficulty Linux machine hosting a custom web application. The initial attack vector is a SQL injection vulnerability in the login form,...

Introduction In this walkthrough, I exploited Querier, a medium-difficulty Windows machine. Initial enumeration revealed a world-readable SMB share containing an Excel spreadsheet with macros. Upo...

Introduction In this walkthrough, I exploited Networked, an easy-difficulty Linux machine vulnerable to a file upload bypass, which enabled me to upload a reverse shell and gain initial code execu...

Introduction In this walkthrough, I worked on Broker, an easy-difficulty Linux machine running a vulnerable version of Apache ActiveMQ. During enumeration, I identified the version in use and disc...

Introduction In this walkthrough, I gained remote code execution by chaining together a misconfigured Redis instance and an anonymous FTP service. The Redis server had the MODULE LOAD capability e...

Introduction In this walkthrough, I worked on Mailing, an easy-difficulty Windows machine running hMailServer. The machine also hosts a website vulnerable to Path Traversal. I exploited this vulne...

Introduction In this walkthrough, I exploited a Subrion CMS instance that was vulnerable to an authenticated file upload bypass, which allowed me to upload a malicious PHP file and achieve remote ...