| Machine Name | Operating System | Tools Used | Skills Learned |
|---|---|---|---|
| Lame | Linux | Nmap, FTP, SearchSploit, Metasploit, smbclient | Identifying vulnerable services, Exploiting Samba |
| Mirai | Linux | Nmap, Gobuster, SSH, df, strings | Identifying an IoT device, Forensic file recovery |
| Active | Windows | Nmap, smbclient, gpp-decrypt, Impacket, John the Ripper, Metasploit | SMB enumeration techniques, Group Policy Preferences enumeration and exploitation, Identification and exploitation of Kerberoastable accounts |
| PermX | Linux | Nmap, Ffuf, cURL, Git, Netcat, MySQL, SSH, openssl | Leveraged Chamilo CVE-2023-4220 for remote code execution, Exploited ACL misconfiguration with a symbolic link to modify /etc/passwd and gain root access |
| BoardLight | Linux | Nmap, Ffuf, Netcat, Git, Python3, SSH, Bash | Dolibarr Exploitation, SUID Exploitation |
| GreenHorn | Linux | TBA | This machine is still active. The writeup will be available once the machine is retired. |
| Blue | Windows | Nmap, smbclient, crackmapexec, SearchSploit, Metasploit | Identifying Windows targets using SMB, Exploit modification |
| Legacy | Windows | Nmap, crackmapexec, SearchSploit, Metasploit | Identifying vulnerable services, Exploiting SMB |
| Cap | Linux | Nmap, WireShark, FTP, SSH, Python, Wget, LINpeas | IDOR, Exploiting Linux capabilities |
| Jerry | Windows | Nmap, Python3, Metasploit, MSFVenom, Netcat | Tomcat exploitation using multiple approaches, Writing scripts to brute-force credentials, Custom war file payload creation |
| Netmon | Windows | Nmap, FTP, Metasploit | Exploiting PRTG Network Monitor |
| Keeper | Linux | Nmap, SSH, Git, SCP, Python3, KeePassXC, PuTTYgen | Identifying vulnerabilities in Request Tracker, KeePass exploitation |
| Knife | Linux | Nmap, Wappalyzer, cURL, Git, Python3, Netcat, GTFOBins | Identifying vulnerabilities in specific version of PHP and exploiting a backdoor for remote code execution (RCE), Utilizing the knife command for privilege escalation |
| Bashed | Linux | Nmap, Gobuster, phpbash, Python, Netcat | Web shell exploitation by leveraging a pre-existing shell(phpbash), Privilege escalation through script modification and scheduled root execution |
| Chemistry | Linux | TBA | This machine is still active. The writeup will be available once the machine is retired. |
| Sau | Linux | Nmap, Git, Bash, Python3, Netcat, GTFOBins | SSRF exploitation using CVE-2023-27163, privilege escalation via systemctl using CVE-2023-26604 |
| Machine Name | Operating System | Tools Used | Skills Learned |
|---|---|---|---|
| Meow | Linux | ping, Nmap, Telnet | Performing port scanning and service identification using Nmap, Exploiting Telnet |
| Fawn | Linux | Nmap, FTP | Exploiting anonymous FTP login |
| Dancing | Windows | Nmap, smbclient | Enumerating SMB shares |
| Redeemer | Linux | Nmap, redis-cli | Interacting with and enumerating a Redis server |
| Explosion | Windows | Nmap, xfreerdp | Connecting to a remote desktop using xfreerdp |
| Preignition | Linux | Nmap, Gobuster | Performing directory brute-forcing using Gobuster, Identifying and exploiting default web credentials |
| Mongod | Linux | Nmap, mongo | Connecting to and interacting with a MongoDB instance |
| Synced | Linux | Nmap, rsync | Enumerating and downloading files from rsync shares |
| Appointment | Linux | Nmap, BurpSuite | Performing SQL injection attack |
| Sequel | Linux | Nmap, MySQL | Interacting with a MySQL database using MySQL CLI |
| Crocodile | Linux | Nmap, FTP, Gobuster | Gaining access to a system by combining FTP enumeration and directory brute-forcing |
| Responder | Windows | Nmap, Responder, John the Ripper, evil-winrm | Exploiting Local File Inclusion (LFI) vulnerabilities, Capturing and cracking NTLMv2 hashes |
| Three | Linux | Nmap, WFuzz, awscli | Discovering and interacting with S3 buckets, Uploading and executing a PHP webshell |
| Ignition | Linux | Nmap, Gobuster, BurpSuite | Brute-forcing admin login credentials, Discovering hidden directories |
| Bike | Linux | Nmap, Wappalyzer, BurpSuite | Exploiting Server-Side Template Injection (SSTI) vulnerabilities, Using Node.js globals to execute arbitrary system commands on the server |
| Funnel | Linux | Nmap, FTP, SSH, psql | SSH tunneling (local port forwarding), Interacting with a PostgreSQL database |
| Pennyworth | Linux | Nmap, BurpSuite, Netcat | Brute-forcing login credentials, Establishing a reverse shell |
| Tactics | Windows | Nmap, smbclient | Enumerating and extracting files from SMB shares |
| Archetype | Windows | Nmap, smbclient, Impacket (mssqlclient), PowerShell, Wget, Netcat, WinPEAS | Exploiting Microsoft SQL Server vulnerabilities, Using WinPEAS for privilege escalation |
| Oopsie | Linux | Nmap, DirBuster, Gobuster, Netcat, SSH | Cookie manipulation, Exploiting SUID binaries and PATH manipulation for root access |
| Vaccine | Linux | Nmap, FTP, John the Ripper, Hashcat, SQLmap, Netcat, vi | Password cracking with John the Ripper and Hashcat, Exploiting SQL injection vulnerabilities with SQLmap, Privilege escalation through configuration modification in pg_hba.conf and shell execution via vi |
| Unified | Linux | Nmap, BurpSuite, tcpdump, rogue-jndi, Netcat, mkpasswd, mongo, SSH | Exploiting JNDI injection vulnerabilities in Java applications, Interacting with MongoDB to retrieve and manipulate user credentials |
| Included | Linux | Nmap, cURL, TFTP, Netcat, lxc, Wget, Git, Python3 | Local File Inclusion (LFI) exploitation, LXD container privilege escalation |
| Markup | Windows | Nmap, BurpSuite, SSH, PowerShell, Wget, Python3, Netcat | XXE (XML External Entity) vulnerability exploitation, User privilege escalation using Windows services and scripts |
| Base | Linux | Nmap, strings, BurpSuite, Gobuster, Netcat, SSH, find | Bypassing authentication by manipulating request parameters, Finding file paths and utilizing LFI (Local File Inclusion) to access sensitive files, Privilege escalation through misconfigured binaries using find command to gain root access |