Introduction In this walkthrough, I explore Arctic, an easy-level Windows machine with a relatively simple exploitation path. I began by analyzing the web server’s behavior and pinpointing a vulne...

Introduction In this walkthrough, we target a support ticketing system running on the machine, which uses default credentials. After logging in, we discover cleartext credentials within the interf...

Introduction In this walkthrough, we exploit the target by abusing an API functionality in a web application that lacks proper input validation. This flaw allows us to upload and execute a malicio...

Introduction In this walkthrough, we explore Giddy, a medium-difficulty Windows machine that demonstrates how a low-privileged SQL Server login can be leveraged to compromise the SQL Server servic...

Introduction In this walkthrough, we exploit an authenticated remote code execution (RCE) vulnerability in Gitea version 1.7.5 to gain an initial foothold on the target machine. After successful e...

Introduction In this walkthrough, we target a vulnerable instance of rConfig to achieve remote code execution. By leveraging a known vulnerability in the application, we are able to upload a malic...

Introduction In this walkthrough, we exploit Magic, an easy-difficulty Linux machine hosting a custom web application. The initial attack vector is a SQL injection vulnerability in the login form,...

Introduction In this walkthrough, I exploited Querier, a medium-difficulty Windows machine. Initial enumeration revealed a world-readable SMB share containing an Excel spreadsheet with macros. Upo...

Introduction In this walkthrough, I exploited Networked, an easy-difficulty Linux machine vulnerable to a file upload bypass, which enabled me to upload a reverse shell and gain initial code execu...

Introduction In this walkthrough, I worked on Broker, an easy-difficulty Linux machine running a vulnerable version of Apache ActiveMQ. During enumeration, I identified the version in use and disc...