CCTV - HTB
Easy Linux CCTV machine abusing ZoneMinder and MotionEye flaws through SQL injection and escalation. [Unintended]
Pirate - HTB
Windows Active Directory challenge centered on delegation, Kerberos, and privilege escalation workflows.
Valid User (No Password)
Valid User (No Password) techniques and commands for Active Directory security assessment.
Trusts
Trusts techniques and commands for Active Directory security assessment.
Guardian - HTB
Guardian is a Linux box combining IDOR in a student portal, XSS via PhpSpreadsheet, CSRF admin creation, PHP filter chain RCE, and sudo misconfigurations to read root files.
Artificial - HTB
Easy Linux target centered around an AI model runner and a backup UI, chaining model deserialization with backup extraction and restic abuse for root.
Soulmate - HTB
Easy Linux machine using CrushFTP auth bypass for admin access, webshell upload, leaked Erlang creds, and an Erlang SSH service to read root files.
TombWatcher - HTB
Active Directory chain using delegated rights to roast and pivot between users, recover gMSA secrets, and abuse ADCS/OU permissions to obtain Administrator access.