TombWatcher Enumeration nmap We start an Nmap scan using the following command: sudo nmap -sC -sV -T4 {target_IP}. -sC: run all the default scripts. -sV: Find the versio...

Intelligence is a medium difficulty Windows machine that showcases a number of common attacks in an Active Directory environment. After retrieving internal PDF documents stored on the web ser...

Support is an Easy difficulty Windows machine that features an SMB share that allows anonymous authentication. After connecting to the share, an executable file is discovered that is used to ...

Planning is an easy difficulty Linux machine that features web enumeration, subdomain fuzzing, and exploitation of a vulnerable Grafana instance to CVE-2024-9264. After gaining initial access...

Puppy is a Medium Difficulty machine that features a non-default SMB share called DEV. With the provided credentials for user levi.james, enumeration of the domain is possible. The enumeratio...

Fluffy is an easy-difficulty Windows machine designed around an assumed breach scenario, where credentials for a low-privileged user are provided. By exploiting CVE-2025-24071, the credential...

nocturnal starts by exploiting an idor to get a set of credentials that gives us access to an admin panel on the website. After that we exploit a command injection to get initial foothold. Af...

On Office we begin by exploiting an information disclosure in Joomla to get a password, we get a list of usernames with kerbrute and perform password spray for valid credentials. We get acces...

vintage start by exploiting a computer to read gmsa password of a machine account that can add itself to a group who has generic write over 3 service accounts. We perform a targeted kerberos ...

User Enumeration nxc smb 10.10.10.10 -u user -p password --users nxc smb 10.10.10.10 -u user -p password --rid-brute rpcclient $> enumdomusers SMB Smb authentication. nxc smb 10...