This machine involves exploiting multiple vulnerabilities in a wallpaper-sharing application to achieve full system compromise. An insecure file upload functionality allows access to sensitive serv...

This machine starts with discovering a Git repository exposed on the web server that contains hardcoded database credentials. Those credentials provide access to the MySQL database, where the appli...

Spider Society is an easy Linux box on Offensive Security’s Proving Grounds that involves enumerating a web server and FTP service to gain an initial foothold, then escalating to root by abusing a ...

Boardlight begins with a Dolibarr CMS instance. I’ll authenticate using default credentials and exploit a vulnerability that allows writing raw PHP code into pages to gain an initial foothold. From...

Forest is an easy Windows machine. It is a domain controller that allows us to enumerate users over RPC, attack Kerberos with AS-REP Roasting for a service account, and gain an initial foothold. Th...

Authority is a Windows Domain Controller. We accessed open SMB shares and found some Ansible playbooks. From there, we cracked some encrypted fields to extract credentials for a PWM instance.The ...

Shoppy was a easy linux machine, which was vulnerable to NOSQL injection. Exploiting NOSQL injection, we  got password hash of all users. After cracking the hash of one user, the Mattermost serve...

Photobomb was a easy rated linux box, where plaintext credentials was discovered after viewing the source code. These credentials then lead to a webpage with download  functionality that was vuln...

Querier was a medium box that involved retrieving MSSQL database credentials after analyzing macro-enabled Excel workbook. These credentials were then used to establish a connection to the MSSQL ...

Heist was an easy box that involved some password cracking and dumping Firefox’s processes.At first, we found a Cisco configuration file on the website that contained usernames and password hashe...