Categories
Tags
Active Directory Arbitrary File Read BackdropCMS bbot Bookstack CVE-2024-36991 Cypher Injection DPAPI Easy GenericAll GenericWrite Gibbon LMS Gitea GodPotato GPO Hard ImageMagick Insane Kerberos Linux Medium Neo4j Password Spraying Pre2K Pyjail Race Condition RBCD Recycle Bin SeImpersonatePrivilege Shadow Credentials Splunk Targeted ASREProasting Teampass TOTP Windows WriteOwner
Haze
2025-03-31
Haze is a challenging Active Directory machine characterized by vulnerable Splunk installation and security configurations. The machine involves CVE-2024-36991, decrypting Splunk secret, exploiting multiple ACL/ACE vulnerabilities, and abusing SeImpersonatePrivilege.
2492 words
|
12 minutes

Code
Code is an easy Linux machine that demonstrates a Python Jail / Sandbox escape and privilege escalation from backy program.
682 words
|
3 minutes

TheFrizz
TheFrizz is a medium Windows machine. The box involves attacking a domain controller using Kerberos authentication, abusing Group Policy Objects (GPO), and leveraging the Recycle Bin. The attack path includes exploiting CVE-2023-45878 on Gibbon LMS, obtaining credentials, manipulating GPO settings, and finally achieving system access.
1635 words
|
8 minutes

Dog
Dog is an easy Linux machine that demonstrates exposed Git repository, vulnerable Backdrop CMS installation, and privilege escalation through Backdrop CMS bee utility program.
586 words
|
3 minutes

Cypher
Cypher is a medium-difficulty box that demonstrates Cypher injection, JAR file reversing, and privilege escalation through bbot.
956 words
|
5 minutes

Checker
Checker is a challenging machine that demonstrates CVE-2023-1545 on Teampass, CVE-2023-6199 on BookStack, the use of Google Authenticator as SSH TOTP, and a race condition on shared memory for privilege escalation.
2842 words
|
14 minutes

Titanic
Titanic is an easy Linux machine that demonstrates a basic Arbitrary File Read vulnerability, Gitea hash cracking, and exploitation of a vulnerable version of ImageMagick.
840 words
|
4 minutes
