
Bitwall - Invincible
Challenge Overview: Invincible is an Android CTF challenge that involves analyzing a mobile app to uncover an exposed OpenAPI specification. This API documentation reveals both the structure of re...

Driver is an easy Windows machine that focuses on printer exploitation. Enumeration of the machine reveals that a web server is listening on port 80, along with SMB on port 445 and WinRM on port 59...

Precious is an Easy Difficulty Linux machine that focuses on the Ruby language. It hosts a custom Ruby web application, using an outdated library, namely pdfkit, which is vulnerable to CVE-2022-25...

BoardLight is an easy difficulty Linux machine that features a Dolibarr instance vulnerable to CVE-2023-30253. This vulnerability is leveraged to gain access as www-data. After enumerating and dump...

Remote enumeration finds HTTP(S) and SSH. A WordPress information disclosure (static page leak) reveals a registration link for an internal chat service. The chat service exposes an RCE-like abilit...

Underpass is an easy-rated Linux machine that starts with a default Apache Ubuntu page on port 80. Further enumeration reveals an SNMP service running on UDP port 161, which discloses that the box ...

SSTI1 - web Challenge Overview: I made a cool website where you can announce whatever you want! Try it out! I heard templating is a cool and modular way to build web apps! Check out my website. ...

Web Challenges: Chiti. Chiti is a very easy web challenge. We start off by getting a hint in the source code, shifting our focus to the robots.txt file, and we get the flag. Other than the poetic de...

Cicada is a beginner-to-intermediate Windows machine that focuses on foundational Active Directory enumeration and exploitation techniques. Throughout the engagement, I enumerated the domain to ide...

Sea is a Linux-based machine that requires exploiting multiple vulnerabilities to achieve root access. For the initial foothold, I identified a vulnerability in Wonder CMS, specifically a Cross-Si...