Planning is an easy difficulty Linux machine that features web enumeration, subdomain fuzzing, and exploitation of a vulnerable Grafana instance to CVE-2024-9264. After gaining initial access...

Puppy is a Medium Difficulty machine that features a non-default SMB share called DEV. With the provided credentials for user levi.james, enumeration of the domain is possible. The enumeratio...

Fluffy is an easy-difficulty Windows machine designed around an assumed breach scenario, where credentials for a low-privileged user are provided. By exploiting CVE-2025-24071, the credential...

nocturnal starts by exploiting an idor to get a set of credentials that gives us access to an admin panel on the website. After that we exploit a command injection to get initial foothold. Af...

On Office we begin by exploiting an information disclosure in Joomla to get a password, we get a list of usernames with kerbrute and perform password spray for valid credentials. We get acces...

vintage start by exploiting a computer to read gmsa password of a machine account that can add itself to a group who has generic write over 3 service accounts. We perform a targeted kerberos ...

User Enumeration nxc smb 10.10.10.10 -u user -p password --users nxc smb 10.10.10.10 -u user -p password --rid-brute rpcclient $> enumdomusers SMB Smb authentication. nxc smb 10...

On Blackfield I start by dumping users and making a list to perform as-rep roasting attacking, we crack the hash of one user who can change the password of another user. The latter has read p...

On Outdated we start by exploiting a remote code execution vulnerability in MSDT to get a reverse shell. After that we perform shadow credentials attack to obtain the hash of a user. The latt...

On Trick We exploit a sql injection to bypass a login page, the use the same vulnerability to read files on the system exposing subdomain. The latter is running a website vulnerable to LFI al...