Builder is a Linux machine running a version of Jenkins with an arbitrary file read vulnerability via the CLI (CVE-2024-23897). This…

Aero is a Windows machine hosting a website that allows users to upload custom Windows 11 themes. Due to a known RCE vulnerability in…

Visual is a Windows machine hosting a website that compiles Visual Studio projects from a remote Git repository. Command execution on the…

Jab is a Windows machine running Active Directory with an XMPP server that allows open registration. Once an account has been created, a…

Manager is a Windows machine running Active Directory. After gathering a list of domain users by brute-forcing SIDs, one of the users is…

Blackfield is a Windows machine running Active Directory. A list of potential usernames can be created based on user directories found in an…

Reel is a Windows machine running Active Directory with an open FTP server that contains a few documents, one of which reveals an email…

Escape is a Windows machine running Active Directory with an open SMB share containing credentials for an MSSQL instance. After connecting…

Scrambled is a Windows machine running Active Directory. A username can be found on a hosted webpage as well as a message indicating that…

Zipping is a Linux machine hosting a website with a form used to upload ZIP archives that contain a PDF document. Arbitrary files on the…

Intelligence is a Windows machine with an Active Directory environment. Browsing a hosted webpage leads to the discovery of a naming…

Cascade is a Windows machine running Active Directory. An anonymous LDAP bind allows for enumeration of the environment, leading to the…

Monteverde is a Windows machine with an Active Directory environment featuring Azure AD. After enumerating domain users, it can be…

Resolute is a Windows machine running Active Directory. A few different methods can be used to enumerate users on the system and reveal an…

VulnNet: Active is a Windows machine running Active Directory with an instance of Redis that doesn't require authentication. This can be…

Timelapse is a Windows machine running Active Directory with an open SMB share that contains a password protected ZIP file. The password can…

Blue is a Windows machine running SMB. A scan with Nmap can reveal that the box is vulnerable to EternalBlue, an exploit that targets a flaw…

Return is a Windows machine running Active Directory. A webpage featuring a printer admin panel can be leveraged to reveal LDAP credentials…

Sauna is a Windows machine featuring an Active Directory environment. A list of potential usernames can be generated based on a webpage that…

Active is a Windows machine running Active Directory with an open SMB share that contains an encrypted GPP (Group Policy Preferences…

Forest is a Windows machine running Active Directory. An anonymous LDAP bind allows for enumeration of the system which can be leveraged to…

Cronos is a Linux machine hosting a website with an admin subdomain that contains a login form with a SQL injection vulnerability. After…

Magic is a Linux machine featuring an image upload application with a login form that can be bypassed with a basic SQL injection. The…

Authority is a Windows machine running Active Directory that has an open SMB share containing ansible vault encrypted credentials. Once…

Topology is a Linux machine hosting a website with a PNG image generator based on LaTeX inline math mode commands. This feature can be…

Inject is a Linux machine hosting a cloud storage and collaboration app built with Java and the Spring framework. A route on the app has a…

MonitorsTwo is a Linux machine with a web application that uses Cacti, a web based monitoring and fault management framework. The version of…

Busqueda is a Linux machine featuring a web application that provides users with a URL for a variety of search engines across the web with…

Pilgrimage is a Linux machine hosting an image shrinker application that uses the ImageMagick software for image processing. However, the…

PC is a Linux machine with an open port running gRPC (Google Remote Procedure Call). Interaction with the server using allows for the…

TwoMillion is a Linux machine hosting a web application with an API that has a command execution vulnerability. This vulnerability can be…

Opacity is a Linux machine with a web app that features a vulnerable image upload form which can be used to upload a reverse shell to gain…

Mirai features a Raspberry Pi device with default credentials that can be used to log in over SSH. Enumeration of the system reveals a USB…

Diogenes' Rage is a web challenge featuring a vending machine application that enables users to purchase items using a coupon worth $1.0…

Didactic Octo Paddles is a web challenge that features an application with a vulnerable implementation of JWT token validation using the…

Orbital is a web challenge featuring a web application susceptible to SQL injection. After utilizing SQLi to bypass login as the user, an…

Passman is a web challenge that features a password manager application built with GraphQL. Analysis of the code reveals an insecure direct…

Stocker is a Linux machine running a web server that hosts an e-commerce site with a vulnerable API. This API can be exploited using a NoSQL…

Laboratory is a Linux machine with a GitLab web application running in a docker container. Exploiting an arbitrary file read vulnerability…

Support is a Windows machine running Active Directory. There's an open SMB share containing a .NET executable which authenticates using the…