Challenge-1 Blemflarck The Galactic Federation is taking control over the universe using a group of superheroes. The world’s redemption is in your hands. Enter the intergalactic portal and sabotag...
Recently, I stumbled on an initiative “The Auror Project” by Sudarshan Pisupati which was starting a course called “3 Machine Labs”. “3 Machine Labs” is a challenge based learning approach to soli...
Vault is medium to hard difficulty machine, which requires bypassing host and file upload restrictions, tunneling, creating malicious OpenVPN configuration files and PGP decryption. Reconnaissance ...
Knife is an easy difficulty Linux machine that features an application which is running on a backdoored version of PHP: PHP/8.1.0-dev. This vulnerability is leveraged to obtain the foothold on the...
Ypuffy is medium difficulty machine which highlights the danger of allowing LDAP null sessions. It also features an interesting SSH CA authentication privilege escalation, via the OpenBSD doas com...
Giddy is a super cool box which gives real-life experience by Bypassing Windows Defender, Applock and Constrained Language Mode. It starts with enumeration leading to a site which is vulnerable to ...
Love is an easy box, Awesome for beginners. Starts with a SSRF to access a forbidden page meant to be accessed locally which leaks credentials for a Voting system. That voting system allows anyone ...
Foothold starts with Wordpress plugin gwolle-gb which is vulnerable to Remote File-Inclusion. You can get user by exploiting sudo privileges on tar, then grabbing MySQL DB password from web-root an...
Olympus is CTF-like box. Starting with exploting X-Debug plugin in Apache with just HTTP Headers which gives you a container shell. You pivot to other containers while exploring techniques like 802...
Stratosphere is a pretty cool box with an Apache Struts vulnerability in which endpoints ending with .action, .go, .do can be injected with a specially crafted Content-Header leading to Remote code...