Soccer is an easy Linux machine. It has three ports open one of which is a webpage that contain a tiny file manager instance running. Using default credentials we are able to access it and upload a...

Instant is a medium Linux box. We are given an apk file which we can extract to view its source code. Inside this code we see that it is making API calls to its own site. After searching through th...

Builder is a medium Linux box. The machine only has two ports open one of which is an open Jenkins portal. This version of Jenkins is vulnerable to a file disclosure. Using this arbitrary file read...

This machine was quite hard for me. I learned a lot about exploiting ruby data serialization and finding information inside of pdf files with exiftool. Enumeration This machine only has two po...

This was a really fun box. It is also the first medium I have completed and I only needed a tiny tip to fully root it. We are given Olivia’s credentials which we can use to enumerate the box. With ...

Return is an easy Windows machine. It has a lot of ports open which might be overwhelming at first but if you enumerate carefully you can quickly discard ports until you only have one clear route t...

This machine was hard but very rewarding. To get a foothold you have to be able to generate valid invite codes and you must edit your own user data and set your account to an administrator account....

I found this machine fun. It is pretty easy if you are able to enumerate the website properly. The main website does not have anything interesting but the dev subdomain has Joomla 4.2.6 running whi...